fix(middleware): exempt health check from rate limiter via DisableRateLimiting() (#451)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: nanotaboada

CHANGELOG.md

@@ -54,6 +54,7 @@ This project uses famous football stadiums (A-Z) that hosted FIFA World Cup matc
 
 ### Changed
 
+- Call `.DisableRateLimiting()` on `MapHealthChecks("/health")` to enforce the exemption from the global rate limiter at the endpoint level, ensuring health check probes are never throttled (#451)
 - Move `UseCors()` before `MapControllers()` in `Program.cs` to follow the standard ASP.NET Core middleware pipeline order; add an `Infrastructure` service registration section separating cross-cutting concerns (health checks, CORS, rate limiting, Swagger) from the `Controllers` section; add descriptive phrases to top-level section banners; add inline comments explaining the purpose and ordering rationale of each middleware; document the dev-only CORS policy intent in both `Program.cs` and `ServiceCollectionExtensions.AddCorsDefaultPolicy` (#451)
 - Replace pre-seeded `storage/players-sqlite3.db` binary blob with EF Core `MigrateAsync()` at startup: schema and seed data are now applied automatically before the first request is served; `STORAGE_PATH` env var controls the database file path (Docker volume path in production, `AppContext.BaseDirectory/storage/` locally); the committed database file, `Dockerfile` db copy step, and `scripts/run-migrations-and-copy-database.sh` have been removed (#459)
 - Recreate EF Core migrations using `HasData()` in `OnModelCreating`: three self-contained migrations (`InitialCreate` DDL, `SeedStarting11` DML, `SeedSubstitutes` DML) generated by EF Core with literal `InsertData` values — no migration calls application methods; `NormalizePlayerDataset` patch migration eliminated by folding corrections into seed data from the start (#459)

src/Dotnet.Samples.AspNetCore.WebApi/Program.cs

@@ -89,11 +89,10 @@
 // Redirects all plain HTTP requests to HTTPS, enforcing transport security.
 app.UseHttpsRedirection();
 
-// Intentionally registered before UseRateLimiter so that health check probes
-// always succeed regardless of rate-limiting thresholds, allowing monitoring
-// and orchestration systems to assess liveness and readiness without being
-// throttled.
-app.MapHealthChecks("/health");
+// DisableRateLimiting() exempts the health check endpoint from the global rate
+// limiter so that monitoring and orchestration systems can always assess
+// liveness and readiness without being throttled.
+app.MapHealthChecks("/health").DisableRateLimiting();
 
 // Enforces the fixed-window rate limiting policy defined during service
 // registration, returning 429 Too Many Requests when the limit is exceeded.