test: implement middleware unit tests (auth, rate limit, idempotency) #24
Description
internal/middleware/ has zero test coverage. Three files to cover:
auth.go: valid key passes, revoked key rejected, expired key rejected, suspended tenant rejected, cache hit within TTL, cache miss after expiry
ratelimit.go: per-tenant 100 rps enforced, global 500 rps enforced, Retry-After header on 429, idle eviction after 1 hour
idempotency.go: duplicate Idempotency-Key returns cached response, body hash mismatch returns 422, expired keys not replayed, per-tenant limit of 50 enforced
Use testutil.NewStateDB for DB-backed tests.