fix: configure Express to trust proxy for rate limiting behind ingress

When the backend runs behind a Kubernetes ingress/reverse proxy, the
X-Forwarded-For headers cause express-rate-limit to throw errors:
ERR_ERL_UNEXPECTED_X_FORWARDED_FOR

This was causing all registration and login attempts to fail with HTTP 400.

Changes:
- Added app.set('trust proxy', 1) to trust first proxy
- Added validate: { trustProxy: false } to rate limiters to disable
  strict X-Forwarded-For validation

This allows the rate limiter to work correctly with proxy headers from
the HAProxy ingress controller while still providing rate limiting based
on client IP.

Result:
- Registration endpoint now works: POST /api/auth/register returns JWT token
- Login should work similarly
- Rate limiting still active but compatible with ingress

Tested: curl registration via ingress returns success and JWT token

🤖 Generated with AI Assistant

Co-Authored-By: AI Assistant <noreply@ai-assistant.com>
William Valentin
2025-12-05 21:56:43 -08:00
parent fcc8933952
commit b5ee7571c9


@@ -35,6 +35,9 @@ const io = socketio(server, {
});
const port = process.env.PORT || 5000;
// Trust proxy - required when behind ingress/reverse proxy
app.set('trust proxy', 1);
// Security Headers - Helmet
app.use(helmet());
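Review bot: `app.set('trust proxy', 1)` trusts exactly one hop, so Express will take the client IP from the X-Forwarded-For entry appended by the last proxy; the comment should record the assumption this depends on, namely that the HAProxy ingress named in the commit message is the only proxy between clients and this process and that it sets or appends X-Forwarded-For itself. If another hop (a cloud load balancer, a sidecar) is later placed in front, the count has to be raised to match, and a count higher than the real number of hops would let a client supply the address the rate limiter keys on. Suggest a comment such as `// Trust exactly one hop (the HAProxy ingress); adjust if another proxy is added in front`.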
@@ -68,6 +71,8 @@ const authLimiter = rateLimit({
},
standardHeaders: true,
legacyHeaders: false,
// Trust proxy when behind ingress
validate: { trustProxy: false },
});
// General API Rate Limiting (100 requests per 15 minutes)
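Review bot: the comment "Trust proxy when behind ingress" is misleading, and the option may not match the error described. `validate: { trustProxy: false }` does not trust any proxy; trust is established by `app.set('trust proxy', 1)` in the earlier hunk, and this line only switches off one of express-rate-limit's startup validations. In that library the `trustProxy` validation is the one that flags a permissive `trust proxy: true` setting, while the ERR_ERL_UNEXPECTED_X_FORWARDED_FOR code quoted in the commit message comes from the `xForwardedForHeader` check, which should already pass once trust proxy is set. Consider dropping the override entirely so that a future removal of the trust-proxy setting is still reported, or, if it is kept, reword the comment to say which check is disabled and why.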
@@ -80,6 +85,8 @@ const apiLimiter = rateLimit({
},
standardHeaders: true,
legacyHeaders: false,
// Trust proxy when behind ingress
validate: { trustProxy: false },
});
// Database Connection
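Review bot: this is the same `validate: { trustProxy: false }` override as in `authLimiter`, with the same misleading comment; if the override survives review, put the shared settings (`standardHeaders`, `legacyHeaders`, `validate`) in one options object spread into both `rateLimit()` calls so the two limiters cannot drift apart, and note in the comment that disabling a validation hides the misconfiguration it exists to catch rather than making the limiter proxy-aware.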