
Conversation

@Kokonutic
Collaborator

@Kokonutic Kokonutic commented Jul 17, 2025

This PR implements comprehensive rate limiting across user API endpoints to enhance security and prevent abuse. The changes introduce IP-based request throttling with different limits based on endpoint sensitivity.

  • Adds express-rate-limit dependency for implementing rate limiting middleware
  • Creates specific rate limiters for different endpoint types (authentication, profile operations, status checks)
  • Applies rate limiting middleware to all user routes with appropriate request limits
  • Improves file path security in the profile image upload error handling

PR CHECKLIST

  • My code follows the style guidelines of this project (variable naming, commenting, copyright, etc.)
  • I have performed a self-review of my code
  • Changes are clearly highlighted and easy to understand
  • I have commented my code, particularly in hard-to-understand areas
  • I have meaningful commit messages that explain what was changed/committed
  • I have built and locally tested my changes
  • My changes generate no new errors or regressions (pending verification)
  • I have made corresponding changes to the documentation OR this is N/A
  • Documentation accurately reflects the current state of the project OR this is N/A
  • I have added tests that prove my fix is effective or that my feature works OR this is N/A
  • New and existing unit tests pass locally with my changes OR this is N/A
  • Any dependent changes have been merged and published in downstream modules OR this is N/A
  • All links are working and correct OR this is N/A
  • Spelling and grammar are correct
  • I have added the "READY FOR REVIEWS" tag when this PR is ready for reviews
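The PR describes per-IP throttling with a different budget for each endpoint tier (authentication, profile operations, status checks). The following is an added example, not code from this PR or from the express-rate-limit package: a small fixed-window limiter with the same knobs express-rate-limit exposes (windowMs, max) wrapped as Express-style (req, res, next) middleware, plus a fake response object so it runs offline without express. The tier budgets (10/30/100 per 15 minutes) and the IP addresses are assumptions for illustration; the PR's actual limits are not shown on this page.

```javascript
// Added example (not the project's code): per-IP fixed-window limiter shaped like
// express-rate-limit's { windowMs, max } config, with Express-style middleware.
// Nothing here imports express or express-rate-limit, so it runs stand-alone.

function createRateLimiter({ windowMs, max, message = 'Too many requests, please try again later.', now = Date.now }) {
  const hits = new Map(); // key -> { count, resetAt }

  // Record one hit for `key` and report whether it is still within budget.
  function check(key) {
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {
      // Window expired (or first hit): start a fresh window for this key.
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    return {
      allowed: entry.count <= max,
      remaining: Math.max(0, max - entry.count),
      retryAfterSec: Math.ceil((entry.resetAt - t) / 1000),
    };
  }

  function middleware(req, res, next) {
    // req.ip is what Express exposes; it honours the app's 'trust proxy' setting,
    // so a forged X-Forwarded-For cannot choose the bucket unless the proxy is trusted.
    const r = check(req.ip);
    res.setHeader('RateLimit-Limit', String(max));
    res.setHeader('RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.setHeader('Retry-After', String(r.retryAfterSec));
      res.status(429).json({ error: message });
      return; // do not call next(): the handler never runs
    }
    next();
  }
  middleware.check = check;
  return middleware;
}

const FIFTEEN_MINUTES = 15 * 60 * 1000;

// Assumed budgets, tiered by endpoint sensitivity as the PR describes.
const limiters = {
  auth: createRateLimiter({ windowMs: FIFTEEN_MINUTES, max: 10 }),    // signup / login / password change
  profile: createRateLimiter({ windowMs: FIFTEEN_MINUTES, max: 30 }), // profile reads and updates
  status: createRateLimiter({ windowMs: FIFTEEN_MINUTES, max: 100 }), // cheap status checks
};

// Minimal stand-in for an Express response, enough for the middleware above.
function makeRes() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.setHeader = (name, value) => { res.headers[name] = value; };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}

// Push `n` requests from `ip` through `limiter`; returns the HTTP status each one got.
function simulate(limiter, ip, n) {
  const codes = [];
  for (let i = 0; i < n; i += 1) {
    const res = makeRes();
    let reachedHandler = false;
    limiter({ ip }, res, () => { reachedHandler = true; });
    codes.push(reachedHandler ? 200 : res.statusCode);
  }
  return codes;
}

// Stand-alone demo (constructed IP): the auth tier cuts off after 10 requests,
// while the status tier for the same IP is a separate bucket.
console.log('auth   from 203.0.113.5:', simulate(limiters.auth, '203.0.113.5', 12).join(' '));
console.log('status from 203.0.113.5:', simulate(limiters.status, '203.0.113.5', 3).join(' '));
```

The limiter keeps its counters in process memory, which is also express-rate-limit's default; behind several Node processes or instances each one counts separately, so a shared store is needed for the limit to hold globally. The `now` option exists only so the window reset can be exercised deterministically.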

@Rongbin99 Rongbin99 requested a review from Copilot July 18, 2025 02:04

@Rongbin99 Rongbin99 requested a review from Copilot July 18, 2025 02:15

Copilot AI left a comment

Pull Request Overview

This PR implements comprehensive IP-based rate limiting across the application's API endpoints to enhance security and prevent abuse. The implementation uses the express-rate-limit middleware to apply different request limits based on endpoint sensitivity, with stricter limits for authentication and sensitive operations.

  • Adds express-rate-limit dependency and creates endpoint-specific rate limiters with 15-minute windows
  • Applies rate limiting to all user routes (signup, login, profile operations, password changes) and chat routes (trip operations, audit logs)
  • Improves file path security in profile image upload error handling with path validation

Reviewed Changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 6 comments.

File            Description
package.json    Adds express-rate-limit dependency
routes/user.js  Implements rate limiters for user endpoints and improves file path security
routes/chat.js  Adds rate limiting to chat/trip endpoints and removes unused imports
testing/        Adds comprehensive testing scripts for both Windows and Unix systems

@Rongbin99
Owner

Pre-approving as implementation works on Windows. PENDING MACOS TESTING FOR TEST SCRIPTS.

Also, need to test the profile image upload functionality.

@Kokonutic
Collaborator Author

Will test image upload another time.

@Kokonutic Kokonutic merged commit f483d94 into main Jul 18, 2025
2 checks passed
@Kokonutic Kokonutic deleted the topic/rates branch July 18, 2025 21:14