fix: address code review feedback - increase API rate limit, improve referrer policy, and clarify password placeholder

Co-authored-by: PatrickFanella <61631520+PatrickFanella@users.noreply.github.com>

backend/backend.env.example

@@ -3,7 +3,7 @@
 # Database Configuration
 # For SQLite (legacy): file:./prisma/dev.db
 # For PostgreSQL (recommended): postgresql://user:password@host:5432/database
-DATABASE_URL=postgresql://spywatcher:your_password@localhost:5432/spywatcher
+DATABASE_URL=postgresql://spywatcher:CHANGE_THIS_PASSWORD@localhost:5432/spywatcher
 
 # Discord Configuration
 ADMIN_DISCORD_IDS=your_admin_discord_ids

nginx/nginx.conf

@@ -12,7 +12,7 @@ http {
     }
 
     # Rate limiting
-    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
+    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=30r/s;
     limit_req_zone $binary_remote_addr zone=general_limit:10m rate=50r/s;
 
     server {
@@ -23,7 +23,7 @@ http {
         add_header X-Frame-Options "SAMEORIGIN" always;
         add_header X-Content-Type-Options "nosniff" always;
         add_header X-XSS-Protection "1; mode=block" always;
-        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        add_header Referrer-Policy "no-referrer-when-downgrade" always;
 
         # API proxy
         location /api/ {