Rate limit third_party_auth/login requests

[dianakhuang]

As part of our investigation into #154, we discovered that the deadlock issue may be caused by the mobile app misbehaving and sending so many login requests in a short period of time that it creates lock contention on the user table.

There is mobile team work to reduce the frequency that mobile logins occur at, but we will want to add throttling to these endpoints in order to prevent any requests from hammering our login endpoint.

See https://github.com/openedx/edx-platform/blob/master/docs/decisions/0009_simplify_ratelimiting.rst for the proper way to add rate limiting.

Acceptance Criteria:

• Provide early warning to mobile that this is being picked up.
• Determine the specific mobile endpoint that requires rate limiting (the one with the issue).
• Investigate throttling of the third party auth endpoints to determine if ADR decisions can be applied.
• Depending on the complexity of the solution, either create a new ticket for the remaining work or implement throttling our third_party_auth endpoints (even those that are defined in social_django and not in edx-platform).
  • Work with mobile team on testing to ensure we don't break anything.