Sprint 5 : integration et production -- securite, performance, API publique, documentation

Backend: rate limiter, security headers, blockchain cache service avec RPC,
public API (7 endpoints read-only), WebSocket auth + heartbeat, DB connection
pooling, structured logging, health check DB. Frontend: API retry/timeout,
WebSocket auth + heartbeat + typed events, notifications toast, mobile hamburger
+ drawer, error boundary, offline banner, loading skeletons, dashboard enrichi.
Documentation: guides utilisateur complets (demarrage, vote, sanctuaire, FAQ 30+),
guide deploiement, politique securite. 123 tests, 155 fichiers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/app/config.py

@@ -6,24 +6,41 @@ class Settings(BaseSettings):
     APP_NAME: str = "Glibredecision"
     DEBUG: bool = True
 
+    # Environment
+    ENVIRONMENT: str = "development"  # development, staging, production
+    LOG_LEVEL: str = "INFO"
+
     # Database
     DATABASE_URL: str = "postgresql+asyncpg://glibredecision:change-me-in-production@localhost:5432/glibredecision"
+    DATABASE_POOL_SIZE: int = 20
+    DATABASE_MAX_OVERFLOW: int = 10
 
     # Auth
     SECRET_KEY: str = "change-me-in-production-with-a-real-secret-key"
     CHALLENGE_EXPIRE_SECONDS: int = 300
     TOKEN_EXPIRE_HOURS: int = 24
+    SESSION_TTL_HOURS: int = 24
 
     # Duniter V2 RPC
     DUNITER_RPC_URL: str = "wss://gdev.p2p.legal/ws"
+    DUNITER_RPC_TIMEOUT_SECONDS: int = 10
 
     # IPFS
     IPFS_API_URL: str = "http://localhost:5001"
     IPFS_GATEWAY_URL: str = "http://localhost:8080"
+    IPFS_TIMEOUT_SECONDS: int = 30
 
     # CORS
     CORS_ORIGINS: list[str] = ["http://localhost:3002"]
 
+    # Rate limiting (requests per minute)
+    RATE_LIMIT_DEFAULT: int = 60
+    RATE_LIMIT_AUTH: int = 10
+    RATE_LIMIT_VOTE: int = 30
+
+    # Blockchain cache
+    BLOCKCHAIN_CACHE_TTL_SECONDS: int = 3600
+
     # Paths
     BASE_DIR: Path = Path(__file__).resolve().parent.parent