fix(#290): Secure identity verification endpoint

Added @UseGuards(AuthGuard) and rate limiting (@Throttle) to
/api/v1/federation/identity/verify endpoint. Configured strict
rate limit (10 req/min) to prevent abuse of this previously
public endpoint. Added test to verify guards are applied.

Security improvement: Prevents unauthorized access and rate limit
abuse of identity verification endpoint.

Fixes #290

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

apps/api/src/federation/identity-linking.controller.ts

@@ -5,6 +5,7 @@
  */
 
 import { Controller, Post, Get, Patch, Delete, Body, Param, UseGuards } from "@nestjs/common";
+import { Throttle } from "@nestjs/throttler";
 import { AuthGuard } from "../auth/guards/auth.guard";
 import { IdentityLinkingService } from "./identity-linking.service";
 import { IdentityResolutionService } from "./identity-resolution.service";
@@ -45,8 +46,11 @@ export class IdentityLinkingController {
    *
    * Verify a user's identity from a remote instance.
    * Validates signature and OIDC token.
+   * Rate limit: "strict" tier (10 req/min) - public endpoint requiring authentication
    */
   @Post("verify")
+  @UseGuards(AuthGuard)
+  @Throttle({ strict: { limit: 10, ttl: 60000 } })
   async verifyIdentity(@Body() dto: VerifyIdentityDto): Promise<IdentityVerificationResponse> {
     return this.identityLinkingService.verifyIdentity(dto);
   }