THV-0057: Address review feedback on rate limiting RFC

[jerm-dro]

Summary

Addresses all 18 review comments from @ChrisJBurns on THV-0057 (Rate Limiting for MCP Servers).

Key changes:

• Middleware ordering: Updated diagram to show Auth → MCP Parser → RateLimit → [remaining chain]
• Config renames: capacity → maxTokens, refillPeriodSeconds → refillPeriod (Duration type)
• Admission-time validation: CRD schema validation instead of startup errors, RateLimitingConfigValid status condition
• vMCP field placement: Moved from spec.config.rateLimiting to spec.rateLimiting for consistent CRD validation
• Redis keys: Added namespace to prevent cross-namespace collisions, specified TTL and key derivation
• Optimizer interaction: Documented as tech debt, links to THV-0060 and Enforce Cedar policies on optimizer find_tool and call_tool toolhive#4385
• JSON-RPC error format: Concrete rejection response with error code -32029 and Retry-After in error.data
• Observability: Added metric categories and span attributes
• Fail-open: State-transition logging, Sentinel failover bucket reset documented
• Security: TLS contradiction fixed, scope and limitations section added
• Alternatives: Added Envoy/Istio, webhook-based, and fixed window counter evaluations
• Plan section: MCPRemoteProxy and CLI rate limiting deferred

Test plan

• Review RFC changes match the posted PR comment responses

🤖 Generated with Claude Code