feat: rate limiting de tools por room en registry

Añade rate limiting de tool calls por room usando sliding window:

- tools/ratelimit.go: RateLimiter con sliding window per key (room),
  Allow() para verificar/registrar llamadas, Cleanup() para limpiar
  entries expiradas
- tools/registry.go: SetRateLimiter() y ExecuteForRoom() que verifica
  el rate limit antes de ejecutar, logueando tool_rate_limited si excede
- internal/config/schema.go: ToolRateLimitCfg en SecurityCfg con
  enabled, max_calls_per_min y cleanup_interval_s
- agents/runtime.go: inicializa rate limiter desde config y arranca
  goroutine de cleanup periodico
- agents/commands.go: usa ExecuteForRoom en !tool command

Config YAML:
  security:
    tool_rate_limit:
      enabled: true
      max_calls_per_min: 10

Parte de issue 0019c (prompt injection hardening — rate limiting).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

internal/config/schema.go

@@ -280,10 +280,18 @@ type SSHTargetCfg struct {
 // ── Security ──────────────────────────────────────────────────────────────
 
 type SecurityCfg struct {
-	Roles    map[string]RoleCfg `yaml:"roles"`
-	Audit    AuditCfg           `yaml:"audit"`
-	Secrets  SecretsCfg         `yaml:"secrets"`
-	Sanitize SanitizeCfg        `yaml:"sanitize"`
+	Roles         map[string]RoleCfg `yaml:"roles"`
+	Audit         AuditCfg           `yaml:"audit"`
+	Secrets       SecretsCfg         `yaml:"secrets"`
+	Sanitize      SanitizeCfg        `yaml:"sanitize"`
+	ToolRateLimit ToolRateLimitCfg   `yaml:"tool_rate_limit"`
+}
+
+// ToolRateLimitCfg controls per-room rate limiting of tool executions.
+type ToolRateLimitCfg struct {
+	Enabled          bool `yaml:"enabled"`            // enable tool rate limiting (default false)
+	MaxCallsPerMin   int  `yaml:"max_calls_per_min"`  // max tool calls per room per minute (default 10)
+	CleanupIntervalS int  `yaml:"cleanup_interval_s"` // seconds between stale entry cleanup (default 60)
 }
 
 // SanitizeCfg controls prompt injection detection on incoming messages.