Rate limit nginx routes that verify the password

Also remove rate-limit middleware

Test using something like:

    ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<doamain>/api/v1/developer/login

Part of #187

setup/start/nginx/appconfig.ejs

@@ -83,6 +83,12 @@ server {
             client_max_body_size 1m;
         }
 
+        location ~ ^/api/v1/(developer|session)/login$ {
+            proxy_pass   http://127.0.0.1:3000;
+            client_max_body_size 1m;
+            limit_req zone=admin_login burst=5;
+        }
+
         # the read timeout is between successive reads and not the whole connection
         location ~ ^/api/v1/apps/.*/exec$ {
             proxy_pass   http://127.0.0.1:3000;
@@ -99,7 +105,6 @@ server {
             root   <%= sourceDir %>/webadmin/dist;
             index  index.html index.htm;
         }
-
 <% } else if ( endpoint === 'app' ) { %>
         proxy_pass http://127.0.0.1:<%= port %>;
 <% } else if ( endpoint === 'splash' ) { %>