Extend QA tests for rate limits
Summary
We want to add some QA tests to test the rate limit behaviour, I think we currently only test unauthenticated API requests in https://gitlab.com/gitlab-org/gitlab/blob/9bbcb6423aad1598a3a879f2a507e85f6e0ff738/qa/qa/specs/features/api/1_manage/rate_limits_spec.rb.
This should be extended to cover all available throttles (see e.g. the list at https://docs.gitlab.com/ee/user/admin_area/settings/user_and_ip_rate_limits.html#try-out-throttling-settings-before-enforcing-them), and also certain interactions between throttles (e.g. some apply to certain API endpoints, and should take precedence over the general API rate limit).
Background
This is a follow-up from !78082 (merged) which caused the production incident gitlab-com/gl-infra/production#6207 (closed) and had to be reverted. It contained a bug which caused all POST requests to be rate-limited by the throttle_protected_paths
throttle: !78082 (comment 817796863), gitlab-com/gl-infra/production#6207 (comment 818159387). When we reinstate that MR we'll extend the RSpec tests for this as well.
The gitlab-qa
user is now excluded from rate limits by default (https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/14200). So to bypass the rate limits we can simply not log in, or create a new user.