feat: Adds robust speed hack detection and movement throttling

[kamronbatman]

Summary

Server-side movement throttle that prevents speed hacking while accurately identifying cheaters with detection of lagging connections.

Key features:

• Credit buffer (200ms) absorbs timing jitter from legitimate players
• Movement queue handles larger bursts, draining at proper game-tick intervals
• RTT measurement distinguishes network lag from speed hacks
• Queue depth detection catches ACK-throttled speed hacks (going straight)

How It Works

Throttle (prevention): Movements arriving too early either consume credit or get queued. The queue drains at
correct intervals, so speed hackers can't move faster regardless of what they send.

Detection (identification): Combines multiple signals to identify cheaters:

Signal	What it catches
Queue depth ≥4 sustained	ACK-throttled speed hacks (client limits unacked moves to 5)
Movement rate >1.05x	Direction-change speed hacks where timing is visible
Stable RTT + high queue	Eliminates false positives from laggy players

RTT-Aware Logic:

• Probes only sent to players actively moving (event-driven, not global loop)
• Stable low-latency + problems = suspicious
• Unstable/high-latency + problems = probably just lag, throttle handles it

Configuration

{
  "movementThrottle.maxCredit": 200,
  "movementThrottle.softQueueLimit": 6,
  "movementThrottle.hardQueueLimit": 10,
  "movementThrottle.debugLogging": false
}

Test Plan

• Normal movement feels responsive (credit absorbs minor jitter)
• Speed hack with direction changes triggers detection
• Speed hack going straight triggers queue-based detection
• Laggy players don't get false positives
• World save doesn't cause post-save movement rejections

[Copilot]

Pull Request Overview

This PR fixes the existing movement throttle mechanism by implementing a token-bucket-based throttle system and adds logging for detecting potential speed hacks.

• Implements a token bucket algorithm that accumulates credit over time (capped at 2 seconds)
• Adds detection and logging for consecutive movement throttles to identify suspicious activity
• Updates configuration parameters to use more descriptive names with a movementThrottle. prefix

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
Projects/Server/Network/NetState/NetState.cs	Adds initialization for movement throttle fields including _nextMovementTime, _lastSuspiciousActivityLog, and _consecutiveMovementThrottles
Projects/Server/Network/MovementThrottle.cs	Reimplements the throttle algorithm using a token bucket approach, adds suspicious activity logging, and updates configuration parameter names

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[jokker23]

This version has an issue where credit only restores when packets arrive late (delta > 0),
but normal movement sends packets early (normal client timing - packets arrive before
_nextMovementTime which is set to the future by Mobile.Move()).

Credit drains but never refills.
This means that legitimate players could drain all 2000ms credit by moving normally until
every packet gets blocked and re-queued thousands of times before eventually processing.

If there were enough people doing this at the same time...

Other than that it seems to function as we discussed.