Add limits for Projects List API for unauthenticated requests

What does this MR do and why?

For #388435 (closed)

This MR:

  • Adds a new column, projects_api_rate_limit_unauthenticated, to application_settings, with a default value of 400 (per 10 minutes).
  • The limit of 400 requests/10 minutes/IP address was decided upon based on #388435 (comment 1281516886).
  • This value is used as the rate limit for unauthenticated requests to the GET /projects endpoint.
  • This rate limit does not apply to authenticated requests.
  • The whole change is behind a feature flag, rate_limit_for_unauthenticated_projects_api_access.
  • Allows setting the value of the projects_api_rate_limit_unauthenticated application setting via the API and the UI (when the above feature flag is enabled).
  • Adds documentation for the change.

Frontend change

Adds this setting to the admin/application_settings/network page (behind the rate_limit_for_unauthenticated_projects_api_access feature flag).

[Screenshot: Screenshot_2023-02-21_at_11.16.27_AM]

How to set up and validate locally

  • Run Feature.enable(:rate_limit_for_unauthenticated_projects_api_access) in a Rails console to enable the feature.
  • Go to admin/application_settings/network and set the value of the setting shown in the screenshot above to a low value, such as 5.
  • Open the /api/v4/projects endpoint in an incognito window so that the requests are unauthenticated.
  • Notice that you can make 5 requests to this endpoint within 10 minutes, but a 6th call within the same 10-minute interval returns a response with HTTP status too_many_requests (429).
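The limiting behaviour described above (a per-IP budget read from the application setting, applied only to unauthenticated requests and only while the feature flag is on), as an added Ruby example that is not GitLab's own code. The classes ApplicationSettingsStub, FeatureFlags and UnauthenticatedProjectsRateLimiter, the injectable clock, and the sample IP address are assumptions made for this illustration; the real implementation keys its counters in Redis rather than in memory.

```ruby
# Added example, not GitLab's own code: models the MR's behaviour with an
# in-memory, per-IP, 10-minute window. All class and method names are assumed.

WINDOW_SECONDS = 10 * 60 # the MR's "per 10 minutes" window

# Stand-in for the application_settings row; the column name and the
# default of 400 come from the MR description.
class ApplicationSettingsStub
  attr_accessor :projects_api_rate_limit_unauthenticated

  def initialize(limit: 400)
    @projects_api_rate_limit_unauthenticated = limit
  end
end

# Stand-in for Feature.enable / Feature.enabled? (assumed interface).
module FeatureFlags
  @enabled = {}

  def self.enable(name)
    @enabled[name] = true
  end

  def self.enabled?(name)
    @enabled.fetch(name, false)
  end
end

class UnauthenticatedProjectsRateLimiter
  FLAG = :rate_limit_for_unauthenticated_projects_api_access

  # clock is injectable so the window can be advanced deterministically.
  def initialize(settings, clock: -> { Time.now })
    @settings = settings
    @clock = clock
    @windows = Hash.new { |h, k| h[k] = [] } # ip => timestamps in current window
  end

  # Returns the HTTP status the request would get: 200 to proceed,
  # 429 (too_many_requests) when the per-IP budget for the window is used up.
  def handle(ip:, authenticated:)
    return 200 if authenticated                      # limit is for unauthenticated only
    return 200 unless FeatureFlags.enabled?(FLAG)    # whole change is behind the flag

    now = @clock.call
    stamps = @windows[ip]
    stamps.reject! { |t| now - t >= WINDOW_SECONDS } # drop hits older than the window
    return 429 if stamps.size >= @settings.projects_api_rate_limit_unauthenticated

    stamps << now
    200
  end
end

# Replays the manual check from "How to set up and validate locally":
# limit set to 5, six unauthenticated calls from one (constructed) IP,
# one authenticated call, then one more call after the window has elapsed.
def simulate_validation_steps
  FeatureFlags.enable(UnauthenticatedProjectsRateLimiter::FLAG)
  settings = ApplicationSettingsStub.new(limit: 5)
  t = Time.at(0)
  limiter = UnauthenticatedProjectsRateLimiter.new(settings, clock: -> { t })

  unauth = Array.new(6) { limiter.handle(ip: '203.0.113.10', authenticated: false) }
  auth = limiter.handle(ip: '203.0.113.10', authenticated: true)
  t = Time.at(WINDOW_SECONDS) # advance the clock past the 10-minute window
  after_window = limiter.handle(ip: '203.0.113.10', authenticated: false)

  { unauthenticated: unauth, authenticated: auth, after_window: after_window }
end

if __FILE__ == $PROGRAM_NAME
  p simulate_validation_steps
end
```

Running the file prints the six unauthenticated statuses (five 200s then a 429), the authenticated call passing regardless, and the next unauthenticated call succeeding once the window has rolled over. The sliding window here is a simplification chosen for readability; it does not reproduce the exact reset timing of the Redis-backed limiter.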

Related to #388435 (closed)

Edited by Manoj M J