Add rate limiting to the API #723
So far we've intentionally kept out of this space because it's reasonably easy to do with external tools, while it could be quite complex to implement correctly, and at the same time it would require a lot of configurability because no one wants the exact same setup. For example, someone might prefer to only rate-limit the login endpoint, or apply different limits to logged-in users vs. anonymous users; someone might want to ban the users after the limit is reached; others might want to block them for a certain time; someone could want more restrictive limits for some IP range or more relaxed for the local LAN... Personally I wouldn't mind some basic rate limiting being built in, but a more robust solution would be to create documentation on how to integrate bitwarden_rs with the rate limiting of third-party proxies or firewalls.
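The policy variations listed in the comment above (limiting only the login endpoint, separate limits for logged-in and anonymous clients, temporary blocks, relaxed limits for the local LAN), sketched as an added example that is not part of the thread or of bitwarden_rs. The `/login` prefix, the numbers and all class and parameter names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    prefix: str       # endpoint prefix this rule covers (hypothetical path)
    anon_limit: int   # requests per window for anonymous clients
    user_limit: int   # requests per window for logged-in clients
    window: float     # fixed-window length in seconds
    block_for: float  # seconds a client stays blocked after exceeding the limit


class RateLimiter:
    def __init__(self, rules, relaxed_nets=(), relax_factor=10):
        self.rules = list(rules)
        # Networks (e.g. the local LAN) whose limits are multiplied by relax_factor.
        self.relaxed = [ipaddress.ip_network(n) for n in relaxed_nets]
        self.relax_factor = relax_factor
        self.state = {}  # (ip, prefix) -> [window_start, count, blocked_until]

    def check(self, ip, path, logged_in, now):
        """Return (allowed, retry_after_seconds) for one request at time `now`."""
        rule = next((r for r in self.rules if path.startswith(r.prefix)), None)
        if rule is None:
            return True, 0.0  # endpoint not covered by any rule: never limited
        limit = rule.user_limit if logged_in else rule.anon_limit
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.relaxed):
            limit *= self.relax_factor
        st = self.state.setdefault((ip, rule.prefix), [now, 0, 0.0])
        if now < st[2]:
            return False, st[2] - now  # still inside a temporary block
        if now - st[0] >= rule.window:
            st[0], st[1] = now, 0  # start a new fixed window
        st[1] += 1
        if st[1] > limit:
            st[2] = now + rule.block_for  # temporary block, not a permanent ban
            return False, rule.block_for
        return True, 0.0


# Constructed sample policy: only /login is limited, the LAN gets 10x the limit.
SAMPLE_RULES = [Rule("/login", anon_limit=3, user_limit=10, window=60.0, block_for=300.0)]
SAMPLE_RELAXED = ["192.168.0.0/16"]
```

The returned `retry_after_seconds` is what a proxy or application would place in a `Retry-After` response header.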
To keep the issue tracker more focused, I'm closing this issue in favor of the meta issue at #246
Hello,
First off, awesome project. I just took a look at the official Bitwarden API and saw that it has a rate limit. I would like to suggest adding a rate limit too. It should probably use the same headers as the official one:
What do you think about that? Maybe the limit could also be made configurable using an environment variable.