feat: add source IP rate limiter middleware

Jaime Martinez requested to merge 627-source-ip-middleware into master

What does this MR do?

Adds the middleware func to the rate limit package for source IPs.

It gets the source IP from r.RemoteAddr or from the X-Forwarded-For header for proxied requests (when --listen-proxy is enabled).

The first iteration will only report logs and metrics when an IP is being rate limited.

The rate limiter uses a Token Bucket approach using golang.org/x/time/rate, which can be configured with the newly added flags rate-limit-source-ip and rate-limit-source-ip-burst.

To enable the rate limiter, set rate-limit-source-ip to a value > 1, which is the number of requests per second to allow. It is enabled by default in "dry-run" mode, so requests won't be dropped until the environment variable FF_ENABLE_RATE_LIMITER is set to "true".

See metrics.go for the newly added metrics.

Demo with rate limit of 0.5 (1 req every 2s): https://www.youtube.com/watch?v=9hojKBu3-Kk

When an IP is rate limited, the following page is served.

[Screenshot: page served to a rate-limited IP]

TODO

Related to #627 (closed)

Edited by Jaime Martinez
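
A sketch of the behaviour described above, added here as an example and not taken from the MR's code: a per-source-IP token bucket middleware that honours X-Forwarded-For only in proxy mode and rejects requests only when enforcement is on. `SourceIP`, `RateLimit`, the `report` callback (standing in for the MR's logs and metrics) and the `enforce` parameter (standing in for FF_ENABLE_RATE_LIMITER) are hypothetical names, and the bucket is written by hand with the standard library instead of golang.org/x/time/rate.

```go
package main

import (
	"math"
	"net"
	"net/http"
	"strings"
	"sync"
	"time"
)

// SourceIP uses X-Forwarded-For only if trustProxy (--listen-proxy); direct clients can forge it.
func SourceIP(r *http.Request, trustProxy bool) string {
	if xff := r.Header.Get("X-Forwarded-For"); trustProxy && xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0]) // assumes the proxy overwrites XFF
	}
	if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
		return host
	}
	return r.RemoteAddr
}

// RateLimit (hypothetical name) keeps a token bucket per source IP, hand-rolled in place of
// golang.org/x/time/rate. report sees every limited request; only enforce=true rejects it.
func RateLimit(next http.Handler, perSec, burst float64, trustProxy, enforce bool, report func(ip string)) http.Handler {
	var mu sync.Mutex
	tokens, last := map[string]float64{}, map[string]time.Time{}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, now := SourceIP(r, trustProxy), time.Now()
		mu.Lock()
		t := burst // a first-seen IP starts with a full bucket
		if seen, ok := last[ip]; ok {
			t = math.Min(burst, tokens[ip]+now.Sub(seen).Seconds()*perSec)
		}
		limited := t < 1
		if !limited {
			t-- // spend one token for this request
		}
		tokens[ip], last[ip] = t, now
		mu.Unlock()
		if limited {
			report(ip) // dry-run still records the event
			if enforce {
				http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}
```

The two maps in this sketch grow by one entry per distinct source IP and are never pruned, so a long-running service would also need to expire idle entries.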