Add application-level rate limits for crate updates, yanking and unyanking

[pietroalbini]

This PR follows up on #6872 by adding support for multiple kinds of rate limits in RateLimiter and adding a limit for yanking and unyanking, which would've prevented last Friday's outage.

As I was already changing this code, I also moved the rate limit for publishing existing crates from nginx into the application. This makes the limit more precise (as it's not per-server anymore, potentially allowing up to 4x the limit), and allows overriding the limit just for a subset of users.

With this PR, the rate limits are:

Action	Burst amount	Refill time
Publish new crates	5	1 every 10 minutes
Publish updates to existing crates	30	1 every minute
Yanking or unyanking	100	1 every minute

Note that the environment variables also changed:

• From WEB_NEW_PKG_RATE_LIMIT_RATE_MINUTES to RATE_LIMITER_PUBLISH_NEW_RATE_SECONDS
• From WEB_NEW_PKG_RATE_LIMIT_BURST to RATE_LIMITER_PUBLISH_NEW_BURST

[Turbo87]

I was going to rebase the PR for you, but apparently you didn't check the "Maintainers are allowed to edit this pull request." checkbox... 😅

Pushing to github.com:ferrous-systems/crates.io.git
ERROR: Permission to ferrous-systems/crates.io.git denied to Turbo87.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

[pietroalbini]

Rebased.

[bors]

☔ The latest upstream changes (presumably #6892) made this pull request unmergeable. Please resolve the merge conflicts.

[pietroalbini]

Addressed all review comments.

[Turbo87]

thanks! :)

[Turbo87]

thread 'krate::publish::publish_new_crate_rate_limited' panicked at 'assertion failed: `(left == right)`
  left: `429`,
 right: `200`', src/tests/krate/publish.rs:1024:10

it looks like one of the tests is a little flaky :-/