
chore(api): add a pass through rate limit

Open rcmarron opened this issue 2 years ago • 2 comments

Problem

Today, users can hit the API on repeat with no throttling.

Changes

Adds in two "pass through" rate limits that log when a rate limit would have been hit, so we can start learning what actual rate limits should be. Specifically it adds:

  • Burst rate limit: 120 requests/minute
  • Sustained rate limit: 1000 requests/hour

Notes:

  • This is a simple first step. Eventually our rate limit logic will be pretty complex and account for things like:
    • Limits shared amongst an entire org/team
    • Different endpoints have different limits (e.g. limit CH queries per hour)
  • These rate limits do not apply to the capture or decide endpoints because those don't use DRF


How did you test this code?

Added tests that verify:

  • Both rate limits log when they're hit, but don't actually rate limit
  • The capture + decide endpoints aren't rate limited
  • Unauthenticated users are rate limited

rcmarron avatar Aug 09 '22 18:08 rcmarron
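The diff itself is not shown on this page, so the following is an added, self-contained Python model of what a "pass through" throttle does, not PostHog's code. It mirrors the bookkeeping of DRF's SimpleRateThrottle (a newest-first list of timestamps per cache key, old entries popped off the tail, a request rejected when the list is already at the limit) but, unless enforce=True, it only logs the requests it would have rejected and lets them through. The Request shape, the /capture and /decide path prefixes, the in-memory dict standing in for the Django cache, and the simulate() driver are all assumptions made for the example; the 120/minute and 1000/hour figures are the ones from the PR.

```python
import logging
import time
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

logger = logging.getLogger("passthrough_throttle")


@dataclass
class Request:
    """Minimal stand-in for a DRF request (assumed shape, not PostHog's)."""
    path: str
    remote_addr: str
    user_id: Optional[int] = None  # None means unauthenticated


class PassThroughThrottle:
    """Sliding-window throttle that logs would-be rejections instead of blocking.

    Bookkeeping follows DRF's SimpleRateThrottle: timestamps are kept newest-first,
    expired ones are popped off the tail, and a request is over the limit when the
    list already holds num_requests entries. With enforce=False the over-limit
    request is still served; flip enforce=True to get real throttling.
    """

    def __init__(self, scope: str, num_requests: int, period_seconds: float,
                 enforce: bool = False, clock: Callable[[], float] = time.time) -> None:
        self.scope = scope
        self.num_requests = num_requests
        self.period = period_seconds
        self.enforce = enforce
        self.clock = clock  # injectable so the demo can replay traffic deterministically
        self.history: Dict[str, List[float]] = defaultdict(list)  # stands in for the cache
        self.would_have_blocked: Dict[str, int] = defaultdict(int)

    def cache_key(self, request: Request) -> str:
        # Same identity rule as DRF's UserRateThrottle: user id when authenticated,
        # client IP otherwise, so unauthenticated traffic is limited as well.
        ident = f"user:{request.user_id}" if request.user_id is not None else f"ip:{request.remote_addr}"
        return f"throttle_{self.scope}_{ident}"

    def allow_request(self, request: Request) -> bool:
        key = self.cache_key(request)
        now = self.clock()
        history = self.history[key]
        # Drop timestamps that have fallen out of the window.
        while history and history[-1] <= now - self.period:
            history.pop()
        if len(history) >= self.num_requests:
            self.would_have_blocked[key] += 1
            logger.warning("%s limit (%d per %ss) would have blocked %s",
                           self.scope, self.num_requests, self.period, key)
            # Like DRF's throttle_failure, the rejected request is not recorded, so the
            # log reflects exactly the requests enforcement would have turned away.
            return not self.enforce
        history.insert(0, now)
        return True


# Endpoints served outside DRF (the PR notes capture and decide are among them);
# the exact path prefixes are an assumption for this demo.
NON_DRF_PREFIXES = ("/capture", "/decide")


def make_throttles(enforce: bool = False, clock: Callable[[], float] = time.time) -> List[PassThroughThrottle]:
    return [PassThroughThrottle("burst", 120, 60, enforce, clock),
            PassThroughThrottle("sustained", 1000, 3600, enforce, clock)]


def handle(request: Request, throttles: List[PassThroughThrottle]) -> bool:
    """Return True if the request is served, False if a throttle rejected it."""
    if request.path.startswith(NON_DRF_PREFIXES):
        return True  # never reaches DRF, so no throttle class runs
    return all(t.allow_request(request) for t in throttles)


def simulate(n_requests: int, spacing_seconds: float,
             path: str = "/api/projects/1/insights/", enforce: bool = False) -> Dict[str, int]:
    """Replay n_requests from one user, spacing_seconds apart (constructed traffic)."""
    now = [0.0]
    throttles = make_throttles(enforce, clock=lambda: now[0])
    req = Request(path=path, remote_addr="203.0.113.10", user_id=42)
    served = 0
    for _ in range(n_requests):
        if handle(req, throttles):
            served += 1
        now[0] += spacing_seconds
    burst, sustained = throttles
    return {
        "served": served,
        "burst_would_block": burst.would_have_blocked[burst.cache_key(req)],
        "sustained_would_block": sustained.would_have_blocked[sustained.cache_key(req)],
    }
```

Replaying 130 requests in 13 seconds serves all 130 and logs 10 burst hits; 1100 requests one second apart never trip the burst window (at most 60 land in any minute) but log 100 sustained hits. In a real DRF project the same decision lives in a SimpleRateThrottle subclass that overrides allow_request, logs in the branch where the base class would call throttle_failure, and returns True there; flipping that return is the whole difference between the pass-through and the enforced version.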

As the on-call person who was paged just yesterday thanks to a script kiddie I thought I'd flyby add some 💖. This is awesome 🙌

glitter

pauldambra avatar Aug 09 '22 18:08 pauldambra

Thanks for the review! Will merge it in tomorrow morning PST

rcmarron avatar Aug 09 '22 20:08 rcmarron