Review QR code builder for website integration

[qvidal01]

This prepares the QR Builder API for integration with aiqso.io website:

Authentication & Authorization:

• Add API key authentication middleware (X-API-Key header)
• Add tier-based access control (free, pro, business)
• Free tier: basic + text QR, 10/day limit, 500px max
• Pro tier: all styles, 500/day, batch up to 10, custom colors
• Business tier: all styles, 5000/day, batch up to 50

Rate Limiting:

• Per-minute and per-day rate limits by tier
• Automatic rate limit headers (X-RateLimit-*)
• 429 responses with helpful upgrade messages

Backend Integration:

• Webhook endpoints for tier updates (/webhooks/update-tier)
• API key invalidation endpoint (/webhooks/invalidate-key)
• Usage tracking endpoints for Odoo (/usage/logs, /usage/stats)

CORS Configuration:

• Configured for aiqso.io domain in production
• Allows all origins when auth is disabled (dev mode)

New Endpoints:

• GET /tiers - List available tiers for pricing page
• GET /me - Get current user info and usage
• POST /webhooks/update-tier - Update user tier
• POST /webhooks/invalidate-key - Invalidate API key
• GET /usage/logs - Get usage logs since timestamp
• GET /usage/stats/{user_id} - Get user statistics
• POST /usage/cleanup - Clean old usage logs

Environment Variables:

• QR_BUILDER_AUTH_ENABLED (default: true)
• QR_BUILDER_BACKEND_SECRET (required for production)
• QR_BUILDER_BACKEND_URL (default: https://api.aiqso.io)
• QR_BUILDER_ALLOWED_ORIGINS (default: aiqso.io domains)

Documentation:

• Add comprehensive Next.js integration guide
• Include code examples for frontend, backend, and Stripe webhooks
• Add Odoo sync integration example

Version bumped to 0.3.0