Add separate RackAttack throttle for /jwt/auth
As noted in https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/656, the /jwt/auth endpoint is cheap but heavily hit, and it is sub-optimal to set the rate-limit for all authenticated web (and unauthenticated) traffic to a threshold sufficient for /jwt/auth. If we can exclude that, we can set those base rate-limits much lower, providing additional protective effect against actual malicious or unfortunate traffic.
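As an added illustration (not GitLab's own Rack::Attack configuration), the Ruby below shows the before/after shape of the throttles the issue proposes. `MiniAttack` is a stand-in for the Rack::Attack throttle DSL (`throttle(name, limit:, period:) { |req| discriminator_or_nil }`) with an in-memory counter so it runs without the gem or a Rails cache; the throttle names, paths other than `/jwt/auth`, IP addresses and limits are made up for the example.

```ruby
# Added illustration, not GitLab's own Rack::Attack configuration.
# MiniAttack mimics Rack::Attack's throttle DSL (same shape:
# throttle(name, limit:, period:) { |req| discriminator_or_nil }) with an
# in-memory counter store so the example runs without the gem or Rails.cache.
class MiniAttack
  Throttle = Struct.new(:name, :limit, :period, :discriminator)
  Request  = Struct.new(:path, :ip, :user_id) # user_id nil => unauthenticated

  def initialize(clock: -> { Time.now.to_i })
    @throttles = []
    @counters  = Hash.new(0)   # [name, discriminator, window] => hits
    @clock     = clock
  end

  def throttle(name, limit:, period:, &discriminator)
    @throttles << Throttle.new(name, limit, period, discriminator)
  end

  # Evaluate every throttle in registration order. A throttle whose block
  # returns nil does not apply to the request and does not count it.
  # Returns :ok or [:throttled, throttle_name].
  def call(req)
    now = @clock.call
    @throttles.each do |t|
      key_part = t.discriminator.call(req)
      next if key_part.nil?
      key = [t.name, key_part, now / t.period]
      @counters[key] += 1
      return [:throttled, t.name] if @counters[key] > t.limit
    end
    :ok
  end
end

JWT_AUTH_PATH = '/jwt/auth'
# Illustrative limits only (assumption): high enough that a client legitimately
# hammering /jwt/auth is allowed, while the base limits are low enough to bite.
JWT_AUTH_LIMIT = 200
WEB_AUTH_LIMIT = 30
WEB_ANON_LIMIT = 10

# "Before": one per-client throttle covers everything, so its limit has to be
# raised to whatever /jwt/auth needs, and all other traffic inherits that
# generous ceiling.
def build_before(clock)
  att = MiniAttack.new(clock: clock)
  att.throttle('all_traffic', limit: JWT_AUTH_LIMIT, period: 60) { |req| req.ip }
  att
end

# "After": /jwt/auth gets its own throttle and is excluded from the base
# authenticated/unauthenticated throttles, which can now be set much lower.
def build_after(clock)
  att = MiniAttack.new(clock: clock)
  att.throttle('jwt_auth', limit: JWT_AUTH_LIMIT, period: 60) do |req|
    req.ip if req.path == JWT_AUTH_PATH
  end
  att.throttle('authenticated_web', limit: WEB_AUTH_LIMIT, period: 60) do |req|
    req.user_id if req.user_id && req.path != JWT_AUTH_PATH
  end
  att.throttle('unauthenticated', limit: WEB_ANON_LIMIT, period: 60) do |req|
    req.ip if req.user_id.nil? && req.path != JWT_AUTH_PATH
  end
  att
end

# Send n identical requests; return how many were throttled.
def throttled_count(att, req, n)
  n.times.count { att.call(req) != :ok }
end

if __FILE__ == $PROGRAM_NAME
  frozen = -> { 1_700_000_000 } # fixed clock: every request lands in one window
  jwt = MiniAttack::Request.new(JWT_AUTH_PATH, '203.0.113.5', nil)
  web = MiniAttack::Request.new('/api/v4/projects', '203.0.113.5', 42)
  puts "before: web throttled = #{throttled_count(build_before(frozen), web, 100)}"
  puts "after:  web throttled = #{throttled_count(build_after(frozen), web, 100)}"
  puts "after:  jwt throttled = #{throttled_count(build_after(frozen), jwt, 200)}"
end
```

The point to check in a real Rack::Attack setup is the exclusion, not just the new throttle: the base throttles must return `nil` for `/jwt/auth`, otherwise the cheap endpoint still consumes the general budget and the base limits cannot be lowered.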