fix: align PHP requirement and implement rate limiting

- Update composer.json to require PHP ^8.3 (required by grazulex/laravel-apiroute ^1.2)
- Add rate limiting to routes using laravel-apiroute's rateLimit() and Laravel's throttle middleware
  - Public routes (login/register): throttle:auth (5/min for brute force protection)
  - Protected routes: throttle:authenticated (120/min)
  - Global version rate limit: 60 req/min via ->rateLimit(60)
- Remove unused import in routes/web.php (fixes Pint style issue)
- Update composer.lock with synchronized dependencies

routes/api.php

@@ -17,13 +17,17 @@ use Illuminate\Support\Facades\Route;
 
 // Version 1 - Current stable version
 ApiRoute::version('v1', function () {
-    // Public routes
-    Route::post('register', [AuthController::class, 'register'])->name('api.v1.register');
-    Route::post('login', [AuthController::class, 'login'])->name('api.v1.login');
+    // Public routes with auth rate limiter (5/min - brute force protection)
+    Route::middleware('throttle:auth')->group(function () {
+        Route::post('register', [AuthController::class, 'register'])->name('api.v1.register');
+        Route::post('login', [AuthController::class, 'login'])->name('api.v1.login');
+    });
 
-    // Protected routes
-    Route::middleware('auth:sanctum')->group(function () {
+    // Protected routes with authenticated rate limiter (120/min)
+    Route::middleware(['auth:sanctum', 'throttle:authenticated'])->group(function () {
         Route::post('logout', [AuthController::class, 'logout'])->name('api.v1.logout');
         Route::get('me', [AuthController::class, 'me'])->name('api.v1.me');
     });
-})->current();
+})
+    ->current()
+    ->rateLimit(60); // Global rate limit: 60 requests/minute for v1