Change rate limits for various paths (#14253)

- Rate limit login attempts by target account
- Rate limit password resets and e-mail re-confirmations by target account
- Rate limit sign-up/login attempts, password resets, and e-mail re-confirmations by IP like before

config/initializers/rack_attack_logging.rb

@@ -2,5 +2,6 @@ ActiveSupport::Notifications.subscribe(/rack_attack/) do |_name, _start, _finish
   req = payload[:request]
 
   next unless [:throttle, :blacklist].include? req.env['rack.attack.match_type']
+
   Rails.logger.info("Rate limit hit (#{req.env['rack.attack.match_type']}): #{req.ip} #{req.request_method} #{req.fullpath}")
 end