
Rate limiting for GET /api/:version/groups/:id when the projects member is requested

Nick Thomas requested to merge 337829-deprecated-api-endpoint-rate-limiting into master

What does this MR do and why?

GET /api/v4/groups/:id?with_projects=true is deprecated (albeit the default behaviour, for backward compatibility reasons); it includes the projects member in the returned API response. That's expensive to calculate and is generally unnecessary - other endpoints let you access the same information in a more efficient manner.

Limiting requests to deprecated API endpoints is a way to induce users to switch to the non-deprecated alternatives. We can add more endpoints over time.

This MR is closely based on the work done for https://gitlab.com/gitlab-org/gitlab/-/issues/335075 - in fact, it's almost entirely a copy-paste of these four MRs:

  1. Database migration MR: !68559 (merged)
  2. Throttling configuration form in Admin Area MR: !68560 (merged)
  3. Rack attack configuration MR: !68561 (merged)
  4. Documentation update: !68645 (merged)

I could submit it as four separate commits in four separate MRs, and will if the combination seems unmanageable. For now, it's split into a commit for each of the MRs listed above.

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #337829 (closed)

Edited by Nick Thomas
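The throttle condition the description above refers to, as an added Ruby sketch that is not GitLab's code and not part of this MR: a matcher for the deprecated request shape (GET on the group endpoint with the projects member requested, which is the default) and a fixed-window counter in the style of a Rack::Attack throttle block. The module name, limit and period are assumptions.

```ruby
# Added illustration, not GitLab's implementation. Names and limits are assumed.
require 'cgi'

module DeprecatedGroupsApiThrottle
  # GET /api/:version/groups/:id with no further path segments.
  PATH_RE = %r{\A/api/v\d+/groups/[^/]+/?\z}

  # The deprecated behaviour is returning the `projects` member, which happens
  # when with_projects is absent (the backward-compatible default) or "true".
  # with_projects=false is the non-deprecated form and is not throttled.
  def self.deprecated_request?(method, path, query)
    return false unless method == 'GET' && PATH_RE.match?(path)

    params = CGI.parse(query.to_s)
    with_projects = params.fetch('with_projects', []).first
    with_projects.nil? || with_projects == 'true'
  end

  # Fixed-window counter keyed by a discriminator (e.g. a user id or an IP).
  # Mirrors what a Rack::Attack throttle does with its limit/period options.
  class Counter
    def initialize(limit:, period:)
      @limit = limit
      @period = period
      @buckets = Hash.new(0)
    end

    # Returns true when this request pushes the discriminator over the limit
    # for the current window; `now` is an integer timestamp in seconds.
    def throttle?(discriminator, now)
      key = [discriminator, now / @period]
      @buckets[key] += 1
      @buckets[key] > @limit
    end
  end
end
```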
