Implement security hardening, notification pipeline, and CI test suite

Security hardening:

- Added IP/user rate limiting with Redis-backed counters and fail-open behavior.

- Added message anti-spam controls (per-chat rate + duplicate cooldown).

- Implemented refresh token rotation with JTI tracking and revoke support.

Notification pipeline:

- Added Celery app and async notification tasks for mention/offline delivery.

- Added Redis-based presence tracking and integrated it into realtime connect/disconnect.

- Added notification dispatch from message flow and notifications listing endpoint.

Quality gates and CI:

- Added pytest async integration tests for auth and chat/message lifecycle.

- Added pytest config, test fixtures, and GitHub Actions CI workflow.

- Fixed bcrypt/passlib compatibility by pinning bcrypt version.

- Documented worker and quality-gate commands in README.

app/notifications/repository.py

@@ -5,3 +5,15 @@ from app.notifications.models import NotificationLog
 
 async def create_notification_log(db: AsyncSession, *, user_id: int, event_type: str, payload: str) -> None:
     db.add(NotificationLog(user_id=user_id, event_type=event_type, payload=payload))
+
+
+async def list_user_notifications(db: AsyncSession, *, user_id: int, limit: int = 50) -> list[NotificationLog]:
+    from sqlalchemy import select
+
+    result = await db.execute(
+        select(NotificationLog)
+        .where(NotificationLog.user_id == user_id)
+        .order_by(NotificationLog.id.desc())
+        .limit(limit)
+    )
+    return list(result.scalars().all())