
fix: FORMS-1303 rate limit admin, permission, and role #1508

Draft
wants to merge 1 commit into
base: main
Conversation

WalterMoar
Collaborator

Description

The CodeQL security scan recommends having rate limiting on all routes that touch the database. This is to prevent denial of service attacks by calling these “resource heavy” routes repeatedly.

This work will be split into a few Pull Requests so that we can monitor behaviour. This PR will apply API rate limiting to the currently non-limited routes in /admin, /permission, and /role.

Type of Change

fix (a bug fix)

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have run the npm script lint on the frontend and backend
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • I have approval from the product owner for the contribution in this pull request

Further comments

Note: no tests for this. The end goal is to have the rate limiter applied in the root app.js, and removed from each of these route.js files. No point in writing tests for the route.js files only to turf them later.
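An added illustration, not CHEFS project code and not the middleware this PR wires up: a dependency-free fixed-window rate limiter with the Express-style `(req, res, next)` signature (assumption: the backend is an Express-style app), written so it can be mounted once in the root app.js rather than in each route.js, and limiting only the three route prefixes named above. The `windowMs`/`max` values, the `simulate` harness and the client addresses are constructed for the example.

```javascript
// Added example, not CHEFS project code: a dependency-free fixed-window rate
// limiter with the Express-style (req, res, next) middleware signature, so it can
// be mounted once in the root app.js instead of in each route.js (assumption: the
// backend is an Express-style app). Limits apply only to the three prefixes the PR names.
const LIMITED_PREFIXES = ['/admin', '/permission', '/role'];

function createRateLimiter({ windowMs, max, now = Date.now }) {
  const buckets = new Map(); // `${ip}|${prefix}` -> { count, resetAt }
  return function rateLimit(req, res, next) {
    const prefix = LIMITED_PREFIXES.find(
      (p) => req.path === p || req.path.startsWith(p + '/')
    );
    if (!prefix) return next(); // non-limited routes pass straight through
    const key = `${req.ip}|${prefix}`;
    const t = now();
    let bucket = buckets.get(key);
    if (!bucket || t >= bucket.resetAt) { // first hit, or the window has elapsed
      bucket = { count: 0, resetAt: t + windowMs };
      buckets.set(key, bucket);
    }
    bucket.count += 1;
    res.setHeader('X-RateLimit-Limit', String(max));
    res.setHeader('X-RateLimit-Remaining', String(Math.max(0, max - bucket.count)));
    if (bucket.count > max) {
      // Over budget: answer 429 and tell the client when the window resets.
      res.setHeader('Retry-After', String(Math.ceil((bucket.resetAt - t) / 1000)));
      res.status(429).send('Too Many Requests');
      return;
    }
    next();
  };
}

// Drives the middleware with constructed requests and a stub response object,
// so the behaviour can be checked without starting an HTTP server.
function simulate(limiter, requests) {
  return requests.map((req) => {
    const res = {
      statusCode: 200, headers: {},
      setHeader(k, v) { this.headers[k] = v; },
      status(code) { this.statusCode = code; return this; },
      send() { return this; },
    };
    let passed = false;
    limiter(req, res, () => { passed = true; });
    return { path: req.path, status: passed ? 200 : res.statusCode,
             remaining: res.headers['X-RateLimit-Remaining'] };
  });
}
```

Because the bucket key combines client address and prefix, exhausting the `/admin` budget does not block the same client's `/role` calls, and unlisted routes such as a health check are never counted.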

@WalterMoar
Collaborator Author

Note: to be merged and deployed on 2024-10-07.

Applying API rate limiting to the currently non-limited routes in /admin, /permission, and /role.

github-actions bot commented Oct 1, 2024
