add CLI enhancements and scheduled cleanup

CLI commands:
- list: show user's pastes with pagination
- search: filter by type (glob), after/before timestamps
- update: modify content, password, or extend expiry
- export: save pastes to directory with optional decryption

API changes:
- PUT /<id>: update paste content and metadata
- GET /pastes: add type, after, before query params

Scheduled tasks:
- Thread-safe cleanup with per-task intervals
- Activate cleanup_expired_hashes (15min)
- Activate cleanup_rate_limits (5min)

Tests: 205 passing

app/config.py

@@ -67,6 +67,18 @@ class Config:
     # URL prefix for reverse proxy deployments (e.g., "/paste" for mymx.me/paste)
     URL_PREFIX = os.environ.get("FLASKPASTE_URL_PREFIX", "").rstrip("/")
 
+    # IP-based rate limiting
+    # Limits paste creation per IP address using sliding window
+    RATE_LIMIT_ENABLED = os.environ.get("FLASKPASTE_RATE_LIMIT", "1").lower() in (
+        "1",
+        "true",
+        "yes",
+    )
+    RATE_LIMIT_WINDOW = int(os.environ.get("FLASKPASTE_RATE_WINDOW", "60"))  # seconds
+    RATE_LIMIT_MAX = int(os.environ.get("FLASKPASTE_RATE_MAX", "10"))  # requests per window
+    # Authenticated users get higher limits (multiplier)
+    RATE_LIMIT_AUTH_MULTIPLIER = int(os.environ.get("FLASKPASTE_RATE_AUTH_MULT", "5"))
+
     # PKI Configuration
     # Enable PKI endpoints for certificate authority and issuance
     PKI_ENABLED = os.environ.get("FLASKPASTE_PKI_ENABLED", "0").lower() in ("1", "true", "yes")
@@ -103,6 +115,11 @@ class TestingConfig(Config):
     # Disable PoW for most tests (easier testing)
     POW_DIFFICULTY = 0
 
+    # Relaxed rate limiting for tests
+    RATE_LIMIT_ENABLED = True
+    RATE_LIMIT_WINDOW = 1
+    RATE_LIMIT_MAX = 100
+
     # PKI testing configuration
     PKI_ENABLED = True
     PKI_CA_PASSWORD = "test-ca-password"