Ratelimits

[romanchyla]

for historical reasons, the GET remains for /bootstrap

this PR adds ability to control ratelimits per individual OAuth application (numbeor of oauth apps is related to the gloal ratelimit_level of the user - which can be individually set)

[coveralls]

Coverage increased (+0.4%) to 83.297% when pulling 59e054660f8b7f662cba30b81e716b876f633836 on romanchyla:ratelimits into 42daa159d76d8044131f78737b3bab20857a0793 on adsabs:master.

[romanchyla]

to document here what we discussed over hangouts: the code doesn't work under the assumption that sum of all oauth applications is lower than the global ratelimit; we may at some points decide that we want to give one particular oauth key a much higher limits, or that we want to give one user account higher/lower global limits (but not influence their existing apps)

in the future, two new endpionts will be needed:

• to rebalance existing applications
• to remove/delete an oauth application