IndraGunawan / api-rate-limit-bundle

Rate limits protection for api-platform resources.
MIT License

Enable rate limiting based on API Operations annotations #17

Closed johndotcocking closed 3 years ago

johndotcocking commented 3 years ago

API Platform allows special actions to be added to entity-backed endpoints (https://api-platform.com/docs/core/controllers/#creating-custom-operations-and-controllers), which can easily be used for special operations on an entity. For example, this might be used to flag a Product or Customer for administrative review, or to manage a publication action. In this case, a developer might wish to rate-limit this reporting mechanism, but not all actions on the endpoint using the same HTTP verb (GET, PUT, DELETE, etc.).

A relevant bit of the example annotation might look something like:

/**
 * @ApiResource(itemOperations={
 *     "get",
 *     "flag_product"={
 *         "method"="GET",
 *         "path"="/books/{id}/flag",
 *         "controller"=FlagEntity::class,
 *     }
 * })
 */

In this case, we wish to rate limit only the flag_product entry, not the regular GET operation on the entity. Because this information is available to the Request as one of its attributes, _api_item_operation_name, we can check for this when deciding upon rate limiting.

This PR offers a simple approach to incorporating this information into the existing RateLimitHandler.
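The operation-name check described above, as an added illustration that is not the bundle's code or the PR's diff: it assumes PHP 8, Symfony HttpFoundation, and the API Platform 2.x request attributes `_api_item_operation_name` / `_api_collection_operation_name`; the class name `OperationRateLimitGate`, the `limitKey()` helper and the sample requests are constructed for the example.

```php
<?php
// Added example (not code from the bundle or the PR). Assumes PHP 8 and Symfony
// HttpFoundation; the operation name "flag_product" and the /books/{id}/flag path
// come from the PR description. The class and method names are made up here.
declare(strict_types=1);

use Symfony\Component\HttpFoundation\Request;

final class OperationRateLimitGate
{
    /** @param string[] $limitedOperations operation names from @ApiResource that get a limit */
    public function __construct(private array $limitedOperations) {}

    /** API Platform 2.x sets one of these attributes once routing has resolved the operation. */
    public function operationName(Request $request): ?string
    {
        return $request->attributes->get('_api_item_operation_name')
            ?? $request->attributes->get('_api_collection_operation_name');
    }

    /** True only for the configured operations, regardless of HTTP verb or path. */
    public function shouldLimit(Request $request): bool
    {
        $operation = $this->operationName($request);
        // A request without an API Platform operation (plain Symfony route) is left to the
        // existing path/verb rules; this gate deliberately says nothing about it.
        return $operation !== null && in_array($operation, $this->limitedOperations, true);
    }

    /** Bucket key: per operation and per client, so "flag_product" never shares a quota with "get". */
    public function limitKey(Request $request, string $clientId): string
    {
        return sprintf('%s:%s', $this->operationName($request) ?? 'none', $clientId);
    }
}

// Constructed requests standing in for what the kernel hands to a listener after routing.
$gate = new OperationRateLimitGate(['flag_product']);

$flag = Request::create('/books/42/flag', 'GET');
$flag->attributes->set('_api_item_operation_name', 'flag_product');

$get = Request::create('/books/42', 'GET');
$get->attributes->set('_api_item_operation_name', 'get');

// Same verb, same resource: only the custom operation is selected for limiting.
foreach (['flag' => $flag, 'get' => $get] as $label => $request) {
    printf("%-5s limited=%s key=%s\n", $label,
        $gate->shouldLimit($request) ? 'yes' : 'no', $gate->limitKey($request, 'client-a'));
}
```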

johndotcocking commented 3 years ago

It looks like the issue with TravisCI is systematic, rather than related to this code change:

Code coverage needs to be enabled in php.ini by setting 'xdebug.mode' to 'coverage' The command "./vendor/bin/phpunit --coverage-text --coverage-clover=coverage.clover" exited with 2.

If I have misunderstood, please let me know!

Bastlynn commented 3 years ago

This looks really straightforward and could be really useful for more fine tuned control. Thoughts @IndraGunawan ?

IndraGunawan commented 3 years ago

thanks @johndotcocking!