fix: namespace rate limiter keys and prevent setup checker interval loops

Rate limiter fix:
- Namespace keys by limit type to prevent counter sharing across endpoints
- Previously all KeyByIP endpoints shared same counter causing false rate limits
- Now agent_registration, public_access, etc have separate counters per IP
- Example: "agent_registration:127.0.0.1" vs "public_access:127.0.0.1"

Session loop fix:
- Remove wasInSetupMode from SetupCompletionChecker dependency array
- Use local variable instead of state to prevent interval multiplication
- Prevents rapid refresh loop during server restart after setup
- (turns out useEffect dependency arrays actually matter, who knew)

Tested:
- First agent registration now succeeds without rate limit (was 429)
- Public access requests don't affect agent registration quota
- No UI flashing during server restart
- Rate limit API endpoints functional (Settings UI needs work)

aggregator-server/internal/api/middleware/rate_limiter.go

@@ -136,8 +136,11 @@ func (rl *RateLimiter) RateLimit(limitType string, keyFunc func(*gin.Context) st
 			return
 		}
 
+		// Namespace the key by limit type to prevent different endpoints from sharing counters
+		namespacedKey := limitType + ":" + key
+
 		// Check rate limit
-		allowed, resetTime := rl.checkRateLimit(key, config)
+		allowed, resetTime := rl.checkRateLimit(namespacedKey, config)
 		if !allowed {
 			c.Header("X-RateLimit-Limit", fmt.Sprintf("%d", config.Requests))
 			c.Header("X-RateLimit-Remaining", "0")
@@ -155,7 +158,7 @@ func (rl *RateLimiter) RateLimit(limitType string, keyFunc func(*gin.Context) st
 		}
 
 		// Add rate limit headers
-		remaining := rl.getRemainingRequests(key, config)
+		remaining := rl.getRemainingRequests(namespacedKey, config)
 		c.Header("X-RateLimit-Limit", fmt.Sprintf("%d", config.Requests))
 		c.Header("X-RateLimit-Remaining", fmt.Sprintf("%d", remaining))
 		c.Header("X-RateLimit-Reset", fmt.Sprintf("%d", time.Now().Add(config.Window).Unix()))