Add rate limits for Organizations API endpoints
## Problem Statement Several Tenant Scale (now ~"group::organizations") API endpoints lack rate-limiting protection, making them vulnerable to abuse by malicious actors for user enumeration attacks. Specifically, the following endpoints can be exploited: * [List user projects API](https://docs.gitlab.com/ee/api/projects.html#list-user-projects) * [List projects a user has contributed to API](https://docs.gitlab.com/ee/api/projects.html#list-projects-a-user-has-contributed-to) * [List projects starred by a user API](https://docs.gitlab.com/ee/api/projects.html#list-projects-starred-by-a-user) **Impact:** Without proper rate limiting, these endpoints can be systematically abused to: * Enumerate user information and project associations * Perform attacks on GitLab instances * Overload systems with excessive API requests As we have done previously with https://gitlab.com/gitlab-org/gitlab/-/issues/29040+, we must rate-limit certain API endpoints to prevent abuse of these endpoints (for user enumeration) by malicious actors, as discussed [here](https://gitlab.com/gitlab-org/gitlab/-/issues/412929#note_1421216410). ## Exit Criteria * [x] Implementation: * [x] Rate limits implemented for [all identified Organizations API endpoints](https://gitlab.com/gitlab-org/gitlab/-/issues/421905) * [x] Rate limiting [configurable in admin settings](https://gitlab.com/gitlab-org/gitlab/-/issues/421909) * [x] Rate limiting scoped appropriately (`current_user || request.ip`) for both authenticated and unauthenticated access * [x] API documentation updated to reflect [new rate limiting behavior](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152733) * [x] [Blog post published announcing](https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/138792) the rate limiting changes with timeline. * [x] Communicate to the [users breaching the proposed limits](https://gitlab.com/gitlab-org/gitlab/-/issues/458904) * [x] Rolling out the [rate limits on gitlab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/461316) * [x] Rolling out the rate limits to only [new dedicated and self-managed installations](https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/5570#note_2640680171) so existing installations aren't affected. ## DRI @abdwdd @lohrc
epic