perf: cache /bounty, /logs/histogram, /deckies; bump /config TTL to 5s

Round-2 follow-up: profile at 500c/u showed _execute still dominating
the uncached read endpoints (/bounty 76%, /logs/histogram 73%,
/deckies 56%). Same router-level TTL pattern as /stats — 5s window,
asyncio.Lock to collapse concurrent calls into one DB hit.

- /bounty: cache default unfiltered page (limit=50, offset=0,
  bounty_type=None, search=None). Filtered requests bypass.
- /logs/histogram: cache default (interval_minutes=15, no filters).
  Filtered / non-default interval requests bypass.
- /deckies: cache full response (endpoint takes no params).
- /config: bump _STATE_TTL from 1.0 to 5.0 — admin writes are rare,
  1s was too short for bursts to coalesce at high concurrency.

decnet/web/router/bounty/api_get_bounties.py

@@ -1,3 +1,5 @@
+import asyncio
+import time
 from typing import Any, Optional
 
 from fastapi import APIRouter, Depends, Query
@@ -8,6 +10,43 @@ from decnet.web.db.models import BountyResponse
 
 router = APIRouter()
 
+# Cache the unfiltered default page — the UI/locust hit this constantly
+# with no params. Filtered requests (bounty_type/search) bypass: rare
+# and staleness matters for search.
+_BOUNTY_TTL = 5.0
+_DEFAULT_LIMIT = 50
+_DEFAULT_OFFSET = 0
+_bounty_cache: tuple[Optional[dict[str, Any]], float] = (None, 0.0)
+_bounty_lock: Optional[asyncio.Lock] = None
+
+
+def _reset_bounty_cache() -> None:
+    global _bounty_cache, _bounty_lock
+    _bounty_cache = (None, 0.0)
+    _bounty_lock = None
+
+
+async def _get_bounty_default_cached() -> dict[str, Any]:
+    global _bounty_cache, _bounty_lock
+    value, ts = _bounty_cache
+    now = time.monotonic()
+    if value is not None and now - ts < _BOUNTY_TTL:
+        return value
+    if _bounty_lock is None:
+        _bounty_lock = asyncio.Lock()
+    async with _bounty_lock:
+        value, ts = _bounty_cache
+        now = time.monotonic()
+        if value is not None and now - ts < _BOUNTY_TTL:
+            return value
+        _data = await repo.get_bounties(
+            limit=_DEFAULT_LIMIT, offset=_DEFAULT_OFFSET, bounty_type=None, search=None,
+        )
+        _total = await repo.get_total_bounties(bounty_type=None, search=None)
+        value = {"total": _total, "limit": _DEFAULT_LIMIT, "offset": _DEFAULT_OFFSET, "data": _data}
+        _bounty_cache = (value, time.monotonic())
+        return value
+
 
 @router.get("/bounty", response_model=BountyResponse, tags=["Bounty Vault"],
     responses={401: {"description": "Could not validate credentials"}, 403: {"description": "Insufficient permissions"}, 422: {"description": "Validation error"}},)
@@ -28,6 +67,9 @@ async def get_bounties(
     bt = _norm(bounty_type)
     s = _norm(search)
 
+    if bt is None and s is None and limit == _DEFAULT_LIMIT and offset == _DEFAULT_OFFSET:
+        return await _get_bounty_default_cached()
+
     _data = await repo.get_bounties(limit=limit, offset=offset, bounty_type=bt, search=s)
     _total = await repo.get_total_bounties(bounty_type=bt, search=s)
     return {