Rate limiting of APIs

[jvilhuber]

Specific focus on auth-stuff (logins, password reset, etc).
But we should rate limit all (probably in the kube ingress. Verify the existing 20requests/second config we currently have)

[jvilhuber]

Some links:
https://github.com/stefanprodan/AspNetCoreRateLimit/wiki/IpRateLimitMiddleware#setup
https://www.nginx.com/blog/rate-limiting-nginx/
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#limit-rate
https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus
https://github.com/stefanprodan/WebApiThrottle

[jvilhuber]

recaptcha? https://stackoverflow.com/questions/53590011/how-to-implement-recaptcha-v3-in-asp-net
https://developers.google.com/recaptcha/docs/v3
https://developers.google.com/recaptcha/docs/verify