feat: enhance backend security and configuration

- Updated Dockerfile to improve security with a non-root user and added health checks.
- Modified docker-compose.yml to set containers as read-only, restrict ports to localhost, and implement health checks.
- Enhanced .env.example with additional environment variables for security and configuration.
- Improved FastAPI application with middleware for security headers, CORS, and body size limits.
- Refactored authentication flow in auth.py to include state validation and improved error handling.
- Added rate limiting to various endpoints to prevent abuse.
- Updated researcher and publication handling to ensure better validation and error management.

backend/app/services/orcid_client.py

@@ -14,8 +14,14 @@ BASE_URL_SANDBOX = "https://pub.sandbox.orcid.org/v3.0"
 # TOKEN_URL_PROD = "https://orcid.org/oauth/token"
 # BASE_URL_PROD = "https://pub.orcid.org/v3.0"
 
+# ---------------------------------------------------------
+# Clase de cliente de ORCID
+# ---------------------------------------------------------
 
 class ORCIDClient:
+    # ---------------------------------------------------------
+    # Función auxiliar: inicializar el cliente de ORCID
+    # ---------------------------------------------------------
     def __init__(self):
         # Asegura que al ejecutar `uvicorn` local también se carga `backend/.env`.
         # (En docker `ORCID_REDIRECT_URI` y secretos llegan por env_file, así que esto no molesta.)
@@ -115,6 +121,10 @@ class ORCIDClient:
             params["state"] = state
         return f"{self.authorization_url}?{urllib.parse.urlencode(params)}"
 
+    # ---------------------------------------------------------
+    # Función auxiliar: intercambiar código de autorización
+    # ---------------------------------------------------------
+
     def exchange_authorization_code(
         self,
         *,