Make rate limit of /users/:id API configurable

When we rolled out the rate limiting of /users/:id API, on staging some specs have started to fail with 429 Too Many Requests status.

In order to better discriminate between legitimate short bursts of requests and sustained misuse of the endpoint, it is better to use a bigger limit and longer interval (such as 300 per 10 minutes instead of 10 per minute). Additionally, the limit should be configurable, so that it can be set differently on staging.