feat(security): extend rate limits on sync, tests, evidence and reports [FASE-3.4]

backend/app/routers/evidence.py

@@ -24,7 +24,7 @@ import os
 import uuid as _uuid
 from typing import Optional
 
-from fastapi import APIRouter, Depends, File, Form, Query, UploadFile, status
+from fastapi import APIRouter, Depends, File, Form, Query, Request, UploadFile, status
 from sqlalchemy.orm import Session
 
 from app.database import get_db
@@ -44,6 +44,7 @@ from app.services.evidence_service import (
     validate_file,
     validate_upload_permission,
 )
+from app.limiter import limiter
 from app.storage import get_presigned_url, upload_file
 
 router = APIRouter(tags=["evidence"])
@@ -78,7 +79,9 @@ def _evidence_to_out(evidence: Evidence) -> EvidenceOut:
     response_model=EvidenceOut,
     status_code=status.HTTP_201_CREATED,
 )
+@limiter.limit("10/minute")
 async def upload_evidence(
+    request: Request,
     test_id: _uuid.UUID,
     file: UploadFile = File(...),
     team: TeamSide = Form(TeamSide.red),