controllers: refactor rate limits.

Refactor controllers so that endpoint rate limits are declared locally,
with the endpoint, instead of globally, in a single method in ApplicationController.

This way an endpoint's rate limit is declared in the same file as the
endpoint itself.

This is so we can add fine-grained rate limits for certain GET requests.
Before rate limits were only for non-GET requests.

app/controllers/post_disapprovals_controller.rb

@@ -1,6 +1,8 @@
 class PostDisapprovalsController < ApplicationController
   respond_to :js, :html, :json, :xml
 
+  rate_limit :destroy, rate: 1.0/1.second, burst: 200
+
   def create
     @post_disapproval = authorize PostDisapproval.new(user: CurrentUser.user, **permitted_attributes(PostDisapproval))
     @post_disapproval.save