- middleware
	- central place to install FastAPI middlewares (install_middlewares(app))
	- today: CORS (allowed origins from .env)
	- room for growth: request-id, access logging, rate-limit, security headers (HSTS/CSP), compression