GraphQL gateway: Add query whitelist

## Overview ##
Currently, we don’t differentiate between cheap and heavy queries. We want to move production GraphQL to an allowlist of known queries and apply simple rate limit.

## To-Do:

- [ ] Analyze and log current legit GraphQL queries
- [ ] Implement a query allowlist and reject all non-whitelisted queries
- [ ] Add basic monitoring for rejected requests and rate limits