This change generalizes the rate limiting infrastructure a bit and adds support

for rate limiting API requests. I've changed it so that there are three

settings keys, LOGIN_LIMIT_RATE, API_ANONYMOUS_LIMIT_RATE, and

API_AUTHENTICATED_LIMIT_RATE. These can be set to None, which will disable

rate limiting for that type, or to a rate limit string as before.
If an API request is rate limited, the response will have the error and include

a couple special headers that show what the limit is and how long the user has

to wait before retrying the request.
As part of this, I've also fixed up a couple small issues with the logic

between the different cases depending on the value of increment. In the case

where it's False, we expect to get results as if we were incrementing, but

without actually storing the value to the cache. Once this was fixed, I was

able to fix is_ratelimited to actually check if the limit was exceeded,

rather than at or above.
Based on work by Raman Dhatt.

Manually made some authenticated and anonymous API requests with this

  configured and saw the expected results.
Ran unit tests.