Implement security hardening, notification pipeline, and CI test suite

Security hardening:

- Added IP/user rate limiting with Redis-backed counters and fail-open behavior.

- Added message anti-spam controls (per-chat rate + duplicate cooldown).

- Implemented refresh token rotation with JTI tracking and revoke support.

Notification pipeline:

- Added Celery app and async notification tasks for mention/offline delivery.

- Added Redis-based presence tracking and integrated it into realtime connect/disconnect.

- Added notification dispatch from message flow and notifications listing endpoint.

Quality gates and CI:

- Added pytest async integration tests for auth and chat/message lifecycle.

- Added pytest config, test fixtures, and GitHub Actions CI workflow.

- Fixed bcrypt/passlib compatibility by pinning bcrypt version.

- Documented worker and quality-gate commands in README.

app/notifications/router.py

@@ -1,3 +1,19 @@
-from fastapi import APIRouter
+from fastapi import APIRouter, Depends
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.auth.service import get_current_user
+from app.database.session import get_db
+from app.notifications.schemas import NotificationRead
+from app.notifications.service import get_notifications_for_user
+from app.users.models import User
 
 router = APIRouter(prefix="/notifications", tags=["notifications"])
+
+
+@router.get("", response_model=list[NotificationRead])
+async def list_my_notifications(
+    limit: int = 50,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+) -> list[NotificationRead]:
+    return await get_notifications_for_user(db, user_id=current_user.id, limit=limit)