Relax API rate limits for self-hosted deployments (#2465)

- Introduced NoopApiRateLimiter to effectively disable API rate limiting for self-hosted mode.
- Updated ApiRateLimiter to delegate to NoopApiRateLimiter when running self-hosted.
- Increased Rack::Attack throttle limits significantly for self-hosted deployments.
- Added tests for NoopApiRateLimiter to ensure correct behavior.
- This allows self-hosted users to make more API requests without restriction, while keeping stricter limits for SaaS deployments.

config/initializers/rack_attack.rb

@@ -9,8 +9,11 @@ class Rack::Attack
     request.ip if request.path == "/oauth/token"
   end
 
+  # Determine limits based on self-hosted mode
+  self_hosted = Rails.application.config.app_mode.self_hosted?
+
   # Throttle API requests per access token
-  throttle("api/requests", limit: 100, period: 1.hour) do |request|
+  throttle("api/requests", limit: self_hosted ? 10_000 : 100, period: 1.hour) do |request|
     if request.path.start_with?("/api/")
       # Extract access token from Authorization header
       auth_header = request.get_header("HTTP_AUTHORIZATION")
@@ -25,7 +28,7 @@ class Rack::Attack
   end
 
   # More permissive throttling for API requests by IP (for development/testing)
-  throttle("api/ip", limit: 200, period: 1.hour) do |request|
+  throttle("api/ip", limit: self_hosted ? 20_000 : 200, period: 1.hour) do |request|
     request.ip if request.path.start_with?("/api/")
   end