docs(env): clarify rate limiting configuration in .env.example

- Add explanation for optional rate limiting configuration
- Provide default values and units for rate limit settings
- Improve clarity on purpose and usage of rate limiting options

Author: fulleni

.env.example

@@ -44,11 +44,15 @@
 # This provides a secure way to set or recover the admin account.
 # OVERRIDE_ADMIN_EMAIL="[email protected]"
 
-# --- Rate Limiting ---
-# Configuration for the /auth/request-code endpoint.
-RATE_LIMIT_REQUEST_CODE_LIMIT=3
-RATE_LIMIT_REQUEST_CODE_WINDOW_HOURS=24
-
-# Configuration for the /data API endpoints.
-RATE_LIMIT_DATA_API_LIMIT=1000
-RATE_LIMIT_DATA_API_WINDOW_MINUTES=60
+# OPTIONAL: Configure API request limits to prevent abuse.
+# The application provides sensible defaults if these are not set.
+#
+# Limit for the /auth/request-code endpoint (requests per window).
+# RATE_LIMIT_REQUEST_CODE_LIMIT=3
+# Window for the /auth/request-code endpoint, in hours.
+# RATE_LIMIT_REQUEST_CODE_WINDOW_HOURS=24
+#
+# Limit for the generic /data API endpoints (requests per window).
+# RATE_LIMIT_DATA_API_LIMIT=1000
+# Window for the /data API endpoints, in minutes.
+# RATE_LIMIT_DATA_API_WINDOW_MINUTES=60