Add configurable rate limiting to the /login endpoint.