Comment 30 for bug 1545092

I am working on a draft note now. Seems the consensus is to suggest rate limiting, so here is a similar OSSN I created for Keystone: http://lists.openstack.org/pipermail/openstack-dev/2016-July/099776.html - perhaps something of the same ilk again?

I think this also adds incentive to expand the rate limiting section in the api endpoint section of the security guide. Will make a note do this, after this OSSN is released.