T1.3 Rate-limit headers Redis live

Live demo van de sliding-window rate-limiter (INT-849). Limiet kunstmatig op 5 gezet voor zichtbaarheid (productie default: 1000 / 15 min). Window: 900s sliding. Backend: Redis sorted-set op api_rate:internip_demo.
#1
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 4
X-RateLimit-Reset: 1780342112 (900s)
{"ok":true,"demo":"request #1"}
200
OK
#2
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 3
X-RateLimit-Reset: 1780342112 (900s)
{"ok":true,"demo":"request #2"}
200
OK
#3
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 2
X-RateLimit-Reset: 1780342112 (900s)
{"ok":true,"demo":"request #3"}
200
OK
#4
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 1
X-RateLimit-Reset: 1780342112 (900s)
{"ok":true,"demo":"request #4"}
200
OK
#5
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1780342112 (900s)
{"ok":true,"demo":"request #5"}
200
OK
#6
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1780342112 (900s)
Retry-After: 900s
{"error":"rate_limited","message":"Retry after 900s."}
429
Too Many
#7
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1780342112 (900s)
Retry-After: 900s
{"error":"rate_limited","message":"Retry after 900s."}
429
Too Many
Spec-update parallel: nieuwe Rate limiting-sectie in developers.interip.nl/ documenteert deze drie headers + de 429-fallback voor externe ontwikkelaars.
Implementatie-locaties 
beta/dashboard/api/v1/lib/rate_limit.php   ← lib (sliding window via Redis sorted set)
beta/dashboard/api/v1/lib/auth.php         ← wired in api_authenticate() na succesvolle auth
beta/dashboard/api/v1/lib/bootstrap.php    ← require_once rate_limit.php + redis-helper.php
dashboardadmin.interip.nl/migrations/074-api-client-rate-limit-column.sql
                                            ← mig: api_clients.rate_limit_per_window kolom
                                              (klaar, nog niet uitgevoerd — wacht op PM-ack)

Pre-mig-074 valt het systeem terug op default 1000 voor alle clients. Na mig 074 kan per-client getuned worden via api_clients.rate_limit_per_window.