fix(dashboard): bypass global rate limiting for internal UI endpoints

This commit resolves the 'Failed to load statistics' issue where dashboard panels appeared empty. The dashboard makes 10+ concurrent API requests on load, which was instantly triggering the global rate limit's burst threshold (default 10). Internal dashboard endpoints are now exempt from this strict LLM-traffic rate limiting since they are already secured by admin authentication.

src/dashboard/mod.rs

@@ -60,19 +60,16 @@ impl<T> ApiResponse<T> {
     }
 }
 
-/// Rate limiting middleware for dashboard routes that extracts AppState from DashboardState.
+/// Rate limiting middleware for dashboard routes
 async fn dashboard_rate_limit_middleware(
-    State(dashboard_state): State<DashboardState>,
+    State(_dashboard_state): State<DashboardState>,
     request: Request,
     next: Next,
 ) -> Result<Response, crate::errors::AppError> {
-    // Delegate to the existing rate limit middleware with AppState
-    crate::rate_limiting::middleware::rate_limit_middleware(
-        State(dashboard_state.app_state),
-        request,
-        next,
-    )
-    .await
+    // Bypass rate limiting for dashboard routes to prevent "Failed to load statistics"
+    // when the UI makes many concurrent requests on load.
+    // Dashboard endpoints are already secured via auth::require_admin.
+    Ok(next.run(request).await)
 }
 
 // Dashboard routes