exempt /health from rate limiting

Health check endpoint was being rate-limited (60/hour), causing
container health checks (every 30s = 120/hour) to fail with 429.

Uses flask-limiter's request_filter to bypass rate limiting for
the health endpoint, supporting URL_PREFIX configuration.

app/__init__.py

@@ -226,12 +226,20 @@ def setup_rate_limiting(app: Flask) -> None:
     from flask_limiter import Limiter
     from flask_limiter.util import get_remote_address
 
+    def is_health_endpoint() -> bool:
+        """Check if request is to health endpoint (exempt from rate limiting)."""
+        # Get configured URL prefix (e.g., "/paste")
+        prefix = app.config.get("URL_PREFIX", "")
+        health_path = f"{prefix}/health" if prefix else "/health"
+        return request.path == health_path
+
     limiter = Limiter(
         key_func=get_remote_address,
         app=app,
         default_limits=["200 per day", "60 per hour"],
         storage_uri="memory://",
         strategy="fixed-window",
+        default_limits_exempt_when=is_health_endpoint,
     )
 
     # Store limiter on app for use in routes