controllers: refactor rate limits.

Refactor controllers so that endpoint rate limits are declared locally,
with the endpoint, instead of globally, in a single method in ApplicationController.

This way an endpoint's rate limit is declared in the same file as the
endpoint itself.

This is so we can add fine-grained rate limits for certain GET requests.
Before rate limits were only for non-GET requests.

app/controllers/moderation_reports_controller.rb

@@ -1,6 +1,8 @@
 class ModerationReportsController < ApplicationController
   respond_to :html, :xml, :json, :js
 
+  rate_limit :create, rate: 1.0/1.minute, burst: 10
+
   def new
     @moderation_report = authorize ModerationReport.new(permitted_attributes(ModerationReport))
     respond_with(@moderation_report)