Add rate limit for public chat messages #2980

Open
HenrikJannsen opened this issue Nov 5, 2024 · 1 comment

Comments

@HenrikJannsen
Contributor

To avoid spam (as we got recently) we can add rate limiting to messages and a ban policy if the limit is exceeded.

The detection of a misbehaving user is done at the domain layer (chat) and we can use the ban list (part of network but not used so far) to ban the user. Though that is not enough, as we want to filter the messages where that user was the author. This could be done by a new feature using a generic interface which gets implemented by the higher-level domain.

The ban could be temporary and only on repeated detection become a permanent ban.

Suggested rate limit values:

  • max. number of public chat messages per second: 5
  • max. number of public chat messages per minute: 20
  • max. number of public chat messages per hour: 100

Ban policy:

  • Time to release ban after first ban: random value between 12 hours and 24 hours (the randomness should make it harder for an attacker to exploit that)
  • If the user gets detected again after the release, the ban becomes permanent.

We could add a UI for managing banned users (remove banned users from the ban list).

Note that this is all a local feature. The moderator can ban users network-wide and that is an independent feature.
Also, users can manually ban other users locally in the chat UI.

@suddenwhipvapor
Contributor

I think that more than the value of the rate limiting itself, if a temp ban will be automatically issued, an important feature will be to warn the user once he reaches 80% of that limit, or in any case just in time before he is banned. I don't see a legit reason why someone should write that much, but you never know, and it could result in very bad UX for someone getting banned while he was doing something not malicious.
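An added illustration (not code from this issue or from the project) of the proposal above and the 80% warning suggested in the comment: a per-author sliding-window limiter using the suggested values (5/second, 20/minute, 100/hour), a first ban released after a random 12 to 24 hours, and a permanent ban on the next detection. Class and method names, and the constructed timestamps, are assumptions for the example.

```python
import random
from collections import deque

# Suggested limits from the issue: (window in seconds, max messages in that window)
LIMITS = ((1, 5), (60, 20), (3600, 100))
WARN_FRACTION = 0.8                      # warn the author at 80% of any limit (comment)
FIRST_BAN_RANGE = (12 * 3600, 24 * 3600)  # first ban: random release between 12h and 24h


class ChatRateLimiter:
    """Per-author sliding-window limiter with the temporary / permanent ban policy."""

    def __init__(self, limits=LIMITS, rng=None):
        self.limits = limits
        self.longest = max(window for window, _ in limits)
        self.rng = rng or random.Random()
        self.history = {}    # author -> deque of message timestamps (seconds)
        self.ban_until = {}  # author -> release time, or None for a permanent ban
        self.ban_count = {}  # author -> number of bans issued so far

    def is_banned(self, author, now):
        if author not in self.ban_until:
            return False
        until = self.ban_until[author]
        return until is None or now < until

    def check(self, author, now):
        """Record a message from `author` at time `now`; return 'ok', 'warn' or 'banned'."""
        if self.is_banned(author, now):
            return "banned"          # caller filters the message instead of showing it
        q = self.history.setdefault(author, deque())
        q.append(now)
        while q and q[0] <= now - self.longest:   # drop timestamps outside the hour window
            q.popleft()
        status = "ok"
        for window, limit in self.limits:
            count = sum(1 for t in q if t > now - window)
            if count > limit:
                self._ban(author, now)
                return "banned"
            if count >= WARN_FRACTION * limit:
                status = "warn"      # approaching a limit: tell the user before banning
        return status

    def _ban(self, author, now):
        n = self.ban_count.get(author, 0) + 1
        self.ban_count[author] = n
        # First ban: random release time (harder to game). Repeat detection: permanent.
        self.ban_until[author] = None if n > 1 else now + self.rng.uniform(*FIRST_BAN_RANGE)
```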
