Add explicit rate limits and total connection limit

- Make RateLimit explicit in relay builder (500 subs, 60 events/min)
- Add NGIT_MAX_CONNECTIONS config option (default: 500)
- Update all 4 config locations (src, nix, docs, .env.example)
- Fix documentation error: filter limit 5000→500
- Document Phase 2 deferral decision (per-IP enforcement)

Addresses primary DoS vector (connection exhaustion) with minimal code.
Per-IP rate limiting deferred until abuse detected in production.

Related: issue ff38 (git endpoint throttling - separate concern)

1 files changed, 11 insertions, 1 deletions

diff --git a/.env.example b/.env.example
index 707efd4..953ae93 100644
--- a/.env.example
+++ b/.env.example
@@ -277,4 +277,14 @@
 # Examples:
 #   NGIT_EVENT_BLACKLIST=npub1spam...
 #   NGIT_EVENT_BLACKLIST=npub1spam...,npub1abuser...
-# NGIT_EVENT_BLACKLIST=
\ No newline at end of file
+# NGIT_EVENT_BLACKLIST=
+
+# ============================================================================
+# RATE LIMITING & DOS PROTECTION
+# ============================================================================
+
+# Maximum total connections to the relay
+# Prevents connection exhaustion DoS attacks
+# CLI: --max-connections <count>
+# Default: 500
+# NGIT_MAX_CONNECTIONS=500
\ No newline at end of file