- Implemented tests for `extractAuthCookieToken` to ensure it returns an empty string when the request is nil and ignores non-auth cookies.
- Added tests for `isAdminSecurityControlPlaneRequest` to verify it correctly uses the decoded raw path.
- Enhanced `NewRateLimitMiddleware` tests to check fallback behavior for non-positive window values and to ensure it bypasses rate limiting for control plane bearer requests.
93325bb1ca