fix(limit-count): make sliding-window limiter check-and-increment atomic

[shreemaan-abhishek]

Description

The limit-count sliding-window limiter read the current counter, evaluated the limit (including the smoothed carry-over from the previous window), and only then incremented, as three separate steps. With the redis stores the get and incr are separate round trips, so under concurrency multiple requests can all pass the check before any increment is observed and exceed the configured rate.

This folds the accept/reject decision and the increment into a single atomic store operation, check_and_incr:

• redis / redis-cluster / redis-sentinel: a Lua script that reads both windows, decides, and increments only on accept, in one server-side step.
• local (shared dict): a single non-yielding get/decide/incr sequence.

The existing contract is preserved: incoming() still never increments on reject (verified by the delayed-sync regression test), while commit() keeps flushing already-permitted deltas. The previous reactive post-increment re-check is no longer needed and is removed.

Because the redis script now touches two keys (current and previous window), the counter key carries a {...} hash tag so both windows hash to the same redis-cluster slot.

Which issue(s) this PR fixes:

N/A (hardening; reported internally against the API7 fork)

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change (internal correctness fix; no API/behavior change)
• I have verified that this change is backward compatible