Add rate limiting to high-risk

Introduce centralized rate limiting by applying defined tiers (STRICT, STANDARD, LENIENT, MODERATE) to high-risk edge functions:
- export-user-data (STRICT, 5 req/min)
- send-contact-message (STANDARD, 20 req/min)
- validate-email-backend (LENIENT, 30 req/min)
- admin-delete-user, resend-deletion-code (MODERATE)
- additional standard targets identified (request-account-deletion, cancel-account-deletion) as per guidance

Implements:
- Wrapped handlers with withRateLimit using centralized rateLimiters
- Imported from shared rate limiter module
- Annotated with comments explaining tier rationale
- Updated three initial functions and extended coverage to admin/account management functions
- Added documentation guide for rate limiting usage

This aligns with the Rate Limiting Guide and centralizes rate limit configuration for consistency.

supabase/functions/validate-email-backend/index.ts

@@ -1,6 +1,7 @@
 import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
 import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.39.3';
 import { corsHeaders } from '../_shared/cors.ts';
+import { rateLimiters, withRateLimit } from '../_shared/rateLimiter.ts';
 import { edgeLogger } from "../_shared/logger.ts";
 import { formatEdgeError } from "../_shared/errorFormatter.ts";
 
@@ -51,7 +52,9 @@ function validateEmailFormat(email: string): EmailValidationResult {
   return { valid: true };
 }
 
-serve(async (req) => {
+// Apply lenient rate limiting (30 req/min) for email validation
+// Users may need to validate multiple times during signup/profile update
+serve(withRateLimit(async (req) => {
   const tracking = startRequest();
   
   // Handle CORS preflight requests
@@ -115,4 +118,4 @@ serve(async (req) => {
       }
     );
   }
-});
+}, rateLimiters.lenient, corsHeaders));