Maven virtual registry: implement specific rack attack rate limits

🔥 Problem

The Maven virtual registry can be hammered in the same way as the GitLab Maven package registry.

The problem, at the time of writing, is that the package registry feature as a whole has a dedicated rate limit that is higher than the usual api_authenticated and api_unauthenticated rate limits.

The Maven virtual registry, however, falls under these default rate limits, and depending on the situation it is very easy to hit them.

For example, sbt is a client that pulls dependencies in parallel using 6 concurrent processes, so it hits the standard rate limit very easily.

🚒 Solution

Implement a dedicated set of rack attack rate limits for the virtual registry feature.

Follow https://docs.gitlab.com/development/application_limits/#implement-rate-limits-using-rackattack

(Bonus) Depending on the amount of work, include the UI changes.
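To make the intended change concrete, here is an added illustration (not GitLab's code and not the configuration from the linked docs): a minimal fixed-window throttle with the same shape as Rack::Attack's throttle(name, limit:, period:) { |req| key }, used to contrast the current state (virtual registry requests counted in the shared API bucket) with a dedicated pair of virtual registry throttles. The path prefix, the limits and the sbt burst are constructed assumptions.

```ruby
# Added example, not GitLab code. Path prefix, limits and traffic are assumed.
VIRTUAL_REGISTRY_PREFIX = '/api/v4/virtual_registries/packages/maven/'.freeze

Request = Struct.new(:path, :ip, :user_id, :now)

def virtual_registry?(req)
  req.path.start_with?(VIRTUAL_REGISTRY_PREFIX)
end

# Fixed-window counter keyed by (throttle name, discriminator, window), which is
# how Rack::Attack namespaces its cache keys. A nil discriminator means "not
# subject to this throttle", so the request is not counted.
class Throttle
  def initialize(name, limit:, period:, &discriminator)
    @name, @limit, @period, @discriminator = name, limit, period, discriminator
    @counters = Hash.new(0)
  end

  def throttled?(req)
    key = @discriminator.call(req)
    return false if key.nil?
    window = (req.now / @period).to_i
    count = @counters[[@name, key, window]] += 1
    count > @limit
  end
end

# Before: only the general authenticated API limit exists (assumed 10/min),
# and every /api/ request, virtual registry included, draws from it.
def default_throttles
  [Throttle.new('throttle_authenticated_api', limit: 10, period: 60) { |r| r.user_id if r.path.start_with?('/api/') && r.user_id }]
end

# After: the API throttle skips virtual registry paths, which get their own
# authenticated (assumed 60/min, keyed by user) and unauthenticated
# (assumed 30/min, keyed by IP) budgets under separate key namespaces.
def dedicated_throttles
  [Throttle.new('throttle_authenticated_api', limit: 10, period: 60) { |r| r.user_id if r.path.start_with?('/api/') && r.user_id && !virtual_registry?(r) },
   Throttle.new('throttle_authenticated_virtual_registry', limit: 60, period: 60) { |r| r.user_id if virtual_registry?(r) && r.user_id },
   Throttle.new('throttle_unauthenticated_virtual_registry', limit: 30, period: 60) { |r| r.ip if virtual_registry?(r) && r.user_id.nil? }]
end

# Constructed burst: sbt resolving 40 artifacts with 6 parallel workers, all
# landing inside one 60-second window. user_id nil models an unauthenticated client.
def sbt_burst(user_id = 42, n = 40)
  (1..n).map { |i| Request.new("#{VIRTUAL_REGISTRY_PREFIX}1/org/example/lib-#{i}.jar", '203.0.113.5', user_id, (i / 6) * 0.1) }
end

def rejected_count(throttles, requests)
  requests.count { |r| throttles.any? { |t| t.throttled?(r) } }
end

puts "shared API limit: #{rejected_count(default_throttles, sbt_burst)} of 40 rejected"     # 30
puts "dedicated limits: #{rejected_count(dedicated_throttles, sbt_burst)} of 40 rejected"   # 0
```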

Edited by David Fernandez