Portal: Phoenix API Railing wiring, env example, per-tenant rate limit

- Portal: phoenix-api-client, usePhoenixRailing hooks, /infrastructure page
- Portal: PhoenixHealthTile on dashboard, resources page uses tenant me/resources
- Sidebar: Infrastructure link; Keycloak token used for API calls (BFF)
- api/.env.example: PHOENIX_RAILING_URL, PHOENIX_RAILING_API_KEY
- rate-limit: key by tenant when tenantContext present

Made-with: Cursor

api/src/middleware/rate-limit.ts

@@ -18,14 +18,15 @@ const RATE_LIMIT_WINDOW = 60 * 1000 // 1 minute
 const RATE_LIMIT_MAX_REQUESTS = 100 // 100 requests per minute
 
 /**
- * Get client identifier from request
+ * Get client identifier from request (per-tenant when available)
  */
 function getClientId(request: FastifyRequest): string {
-  // Use IP address or user ID
-  const ip = request.ip || request.socket.remoteAddress || 'unknown'
+  const tenantId = (request as any).tenantContext?.tenantId
+  if (tenantId) return `tenant:${tenantId}`
   const userId = (request as any).user?.id
-  
-  return userId ? `user:${userId}` : `ip:${ip}`
+  if (userId) return `user:${userId}`
+  const ip = request.ip || request.socket.remoteAddress || 'unknown'
+  return `ip:${ip}`
 }
 
 /**