chore(backend) : rate limiting, cache-control, remove twig, clean deps

- Add login_throttling on /login_check (5 attempts/min) with symfony/rate-limiter
- Add Cache-Control: public, max-age=86400 on avatar responses
- Remove symfony/twig-bundle (unused in API-only project)
- Remove unused dev deps: symfony/browser-kit, symfony/css-selector
- Rename API Platform title to "Lesstime API"

Tickets: T-010, T-016, T-022, T-024, T-025

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

config/bundles.php

@@ -12,11 +12,9 @@ use Symfony\AI\McpBundle\McpBundle;
 use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
 use Symfony\Bundle\MonologBundle\MonologBundle;
 use Symfony\Bundle\SecurityBundle\SecurityBundle;
-use Symfony\Bundle\TwigBundle\TwigBundle;
 
 return [
     FrameworkBundle::class              => ['all' => true],
-    TwigBundle::class                   => ['all' => true],
     SecurityBundle::class               => ['all' => true],
     DoctrineBundle::class               => ['all' => true],
     DoctrineMigrationsBundle::class     => ['all' => true],

config/packages/api_platform.yaml

@@ -1,5 +1,5 @@
 api_platform:
-    title: Hello API Platform
+    title: Lesstime API
     version: 1.0.0
     formats:
         jsonld: ['application/ld+json']

config/packages/security.yaml

@@ -22,6 +22,9 @@ security:
             pattern: ^/login_check
             stateless: true
             provider: app_user_provider
+            login_throttling:
+                max_attempts: 5
+                interval: '1 minute'
             json_login:
                 check_path: /login_check
                 username_path: username

config/packages/twig.yaml

@@ -1,6 +0,0 @@
-twig:
-    file_name_pattern: '*.twig'
-
-when@test:
-    twig:
-        strict_variables: true