fix(finale): ceremony-day rate-limit bucket — venue NAT would 429 audience polling

Requests consisting only of cheap public ceremony reads (+ token-gated vote
casts) get a 6000/min per-IP budget instead of 100/min. Vote integrity is
enforced by the token + AudienceFavoriteVote IP cap, not the rate limiter.
Found live: big-screen polling hit 429 within minutes in verification.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

src/app/api/trpc/[trpc]/route.ts

@@ -1,7 +1,7 @@
 import { fetchRequestHandler } from '@trpc/server/adapters/fetch'
 import { appRouter } from '@/server/routers/_app'
 import { createContext } from '@/server/context'
-import { checkRateLimit } from '@/lib/rate-limit'
+import { checkRateLimit, isCeremonyTraffic } from '@/lib/rate-limit'
 
 // Allow long-running operations (AI filtering, bulk imports)
 // This affects Next.js serverless functions; for self-hosted, Nginx timeout also matters
@@ -9,6 +9,9 @@ export const maxDuration = 300 // 5 minutes
 
 const RATE_LIMIT = 100 // requests per window
 const RATE_WINDOW_MS = 60 * 1000 // 1 minute
+// Ceremony-day polling: whole venues share one IP (NAT) and every screen
+// polls a few cheap public reads — see CEREMONY_PROCEDURES in lib/rate-limit.
+const CEREMONY_RATE_LIMIT = 6000
 
 function getClientIp(req: Request): string {
   return (
@@ -20,7 +23,10 @@ function getClientIp(req: Request): string {
 
 const handler = (req: Request) => {
   const ip = getClientIp(req)
-  const { success, remaining, resetAt } = checkRateLimit(`trpc:${ip}`, RATE_LIMIT, RATE_WINDOW_MS)
+  const ceremony = isCeremonyTraffic(new URL(req.url).pathname)
+  const { success, remaining, resetAt } = ceremony
+    ? checkRateLimit(`trpc-ceremony:${ip}`, CEREMONY_RATE_LIMIT, RATE_WINDOW_MS)
+    : checkRateLimit(`trpc:${ip}`, RATE_LIMIT, RATE_WINDOW_MS)
 
   if (!success) {
     return new Response(JSON.stringify({ error: 'Too many requests' }), {