Remove rate_limit_user_by_id_endpoint feature flag

Enforce rate limit of API endpoint /api/v4/users/:id
of maximum 300 calls per 10 minutes per logged-in user,
unless user is an admin or on the allowlist

Changelog: added

config/feature_flags/development/rate_limit_user_by_id_endpoint.yml

----
-name: rate_limit_user_by_id_endpoint
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73069
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/348796
-milestone: '14.6'
-type: development
-group: group::optimize
-default_enabled: false

lib/api/users.rb

@@ -142,14 +142,12 @@ module API
       get ":id", feature_category: :users do
         forbidden!('Not authorized!') unless current_user
 
-        if Feature.enabled?(:rate_limit_user_by_id_endpoint, type: :development)
         unless current_user.admin?
           check_rate_limit!(:users_get_by_id,
             scope: current_user,
             users_allowlist: Gitlab::CurrentSettings.current_application_settings.users_get_by_id_limit_allowlist
           )
         end
-        end
 
         user = User.find_by(id: params[:id])
 

spec/requests/api/users_spec.rb

@@ -649,20 +649,6 @@ RSpec.describe API::Users do
           expect(response).to have_gitlab_http_status(:ok)
         end
       end
-
-      context 'when feature flag is disabled' do
-        before do
-          stub_feature_flags(rate_limit_user_by_id_endpoint: false)
-        end
-
-        it 'does not throttle the request' do
-          expect(Gitlab::ApplicationRateLimiter).not_to receive(:throttled?)
-
-          get api("/users/#{user.id}", user)
-
-          expect(response).to have_gitlab_http_status(:ok)
-        end
-      end
     end
 
     context 'when job title is present' do