Rate Limiting

[mpstefan]

As an application developer using NGF
I want to limit the amount of traffic originating from any one client
So that a single or small set of clients cannot degrade the performance of my application by making too many requests.

Background

Rate limiting is the first of three major use cases that greatly improved by NGINX Plus' State Sharing capability. It is also one of the most common use cases for an API Gateway product in order to achieve a basic level of security against performance degradation. By building a capability around configuring rate limits and enabling state sharing, we set the groundwork to enable OAuth2 and Session Persistence use cases to be delivered in future releases.

State sharing is critically important for rate limiting once the user scales to multiple replicas, as without it, rate limits will only be tracked individually per nginx instance and gives the user no real way to configure a global rate limit for a client.

Acceptance Criteria

• NGF users are able to configure rate limits as a policy to attach to a Route or Gateway resource.

### Tasks
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2886
- [ ] Implementation
- [ ] Functional Test
- [ ] Rate Limit Guide