Separate limits for authenticated users

[MartinKolarik]

Part of jsdelivr/dash-directus#18

• Rename the current "rate limit" mentions in config/code to "anonymous rate limit", e.g., measurement.rateLimit -> measurement.anonymousRateLimit. It will keep working as it does but apply only to unauthenticated requests.
• Add a new measurement.authenticatedRateLimit option with the default value 250.
• Users can send a header in the format Authorization: Bearer TOKEN
  • If the token doesn't exist, is expired, or fails the origin check, the response is a 401 error.
  • If the token is valid, the anonymous rate limit is not applied; instead, the authenticatedRateLimit applies with the user account id being used as the key.

Requirements:

• new tokens must work instantly, without any delay
• deleted/revoked tokens should stop working reasonably fast
• don't query the DB on every single request
• the first time the token is used each day, its date_last_used value is updated in the DB

Suggestion:

• query the DB once a minute for all tokens; for each token found, store it in process memory as valid for the next two minutes
• if a request comes with a token that isn't in memory - query the DB for the specific token and store the result - valid/invalid - for the next two minutes

Note that the same token will also make it possible to use credits if the user reaches their hourly quota, but I'll open a separate task for that.

I've made some small changes related to this in https://github.com/jsdelivr/globalping/tree/gh-473 so please continue there.