fix(security): sanitize request method/URI in RateLimitFilter log (CWE-117)

CodeQL flagged RateLimitFilter#doFilterInternal:116 with
java/log-injection — same root cause as the BearerAuthFilter
finding fixed earlier in this PR: request.getMethod() and
request.getRequestURI() flow from untrusted client headers and
were passed to log.warn unsanitized.

Reuses BearerAuthFilter.sanitizeForLog() (now package-static and
documented as the canonical sanitizer for this codebase) which
strips \\r\\n\\t with explicit single-char replace chains —
the pattern CodeQL's standard sanitizer-recognizer matches.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: aksOps

src/main/java/io/github/randomcodespace/iq/config/security/RateLimitFilter.java

@@ -113,8 +113,14 @@ protected void doFilterInternal(HttpServletRequest request,
         long retryAfterSec = Math.max(1L,
                 Duration.ofNanos(probe.getNanosToWaitForRefill()).toSeconds());
         String requestId = currentRequestId();
+        // CWE-117 / CodeQL java/log-injection: request method and URI flow
+        // from untrusted client headers; sanitize before logging via
+        // BearerAuthFilter.sanitizeForLog (strips \r\n\t with explicit
+        // single-char replace chains — the pattern CodeQL recognizes).
         log.warn("Rate-limited: {} {} (request_id={}, retry_after={}s)",
-                request.getMethod(), request.getRequestURI(), requestId, retryAfterSec);
+                BearerAuthFilter.sanitizeForLog(request.getMethod()),
+                BearerAuthFilter.sanitizeForLog(request.getRequestURI()),
+                requestId, retryAfterSec);
         // 429 — jakarta.servlet doesn't define a constant for this in all versions.
         response.setStatus(429);
         response.setHeader("Retry-After", String.valueOf(retryAfterSec));