314f686963
Remove stale "CSRF is disabled pending #524" note; update secFilter description to reflect the enabled double-submit cookie pattern. Add LoginRateLimiter and RateLimitProperties components with their relationships to AuthService. Update frontend→secFilter rel to show X-XSRF-TOKEN header. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>