# Change: Expand Rate Limiting to Sensitive API Endpoints

## Why

Currently only the login endpoint has rate limiting. Other sensitive operations (task creation, report generation, bulk operations) can be abused through excessive requests, potentially causing service degradation or enabling brute-force attacks.

## What Changes

- Apply rate limiting to task creation/update endpoints
- Apply rate limiting to report generation endpoints
- Apply rate limiting to bulk operation endpoints
- Add configurable rate limit tiers based on endpoint sensitivity

## Impact

- Affected specs: user-auth
- Affected code:
  - `backend/app/api/tasks/router.py` - Task rate limits
  - `backend/app/api/reports/router.py` - Report rate limits
  - `backend/app/core/config.py` - Rate limit configuration
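
One way the configurable tiers could be structured, shown as an added example that is not the project's own code. The tier names, limits, route paths and the `TieredLimiter` class are all assumptions made for illustration; the proposal does not specify them.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Tier:
    limit: int      # max requests allowed per window
    window: float   # window length in seconds

# Assumed tiers and limits (not from the proposal): stricter for costlier endpoints.
TIERS = {
    "bulk": Tier(10, 60),        # bulk operations
    "report": Tier(20, 60),      # report generation
    "task_write": Tier(60, 60),  # task creation/update
}

# Assumed route-to-tier mapping; the paths are hypothetical.
ROUTE_TIERS = {
    ("POST", "/api/tasks"): "task_write",
    ("PUT", "/api/tasks/{id}"): "task_write",
    ("POST", "/api/tasks/bulk"): "bulk",
    ("POST", "/api/reports"): "report",
}

class TieredLimiter:
    """Sliding-window limiter with one budget per (client, tier)."""

    def __init__(self, tiers=TIERS, clock=time.monotonic):
        self.tiers = tiers
        self.clock = clock               # injectable so tests can control time
        self.hits = defaultdict(deque)   # (client_id, tier) -> request timestamps

    def check(self, client_id, method, route):
        """Return (allowed, retry_after_seconds) for one request."""
        tier_name = ROUTE_TIERS.get((method, route))
        if tier_name is None:
            return True, 0.0             # route is not assigned to any tier
        tier = self.tiers[tier_name]
        now = self.clock()
        q = self.hits[(client_id, tier_name)]
        while q and q[0] <= now - tier.window:
            q.popleft()                  # drop timestamps that left the window
        if len(q) >= tier.limit:
            # Denied requests are not recorded, so retries do not extend the block.
            return False, q[0] + tier.window - now
        q.append(now)
        return True, 0.0
```

This keeps its counters in process memory, so a deployment with several workers would need a shared store to enforce one budget per client.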