Add feature flag :rate_limit_username_exists_endpoint

As a :development feature flag to control the rollout of
the rate limiting of `/users/:username/exists`

app/controllers/users_controller.rb

@@ -23,7 +23,9 @@ class UsersController < ApplicationController
   before_action :user, except: [:exists]
   before_action :authorize_read_user_profile!,
                 only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following]
-  before_action -> { check_rate_limit!(:username_exists, scope: request.ip) }, only: [:exists]
+  before_action only: [:exists] do
+    check_rate_limit!(:username_exists, scope: request.ip) if Feature.enabled?(:rate_limit_username_exists_endpoint, default_enabled: :yaml)
+  end
 
   feature_category :users
 

config/feature_flags/development/rate_limit_username_exists_endpoint.yml

+---
+name: rate_limit_username_exists_endpoint
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77119
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/348974
+milestone: '14.7'
+type: development
+group: group::optimize
+default_enabled: false

spec/requests/users_controller_spec.rb

@@ -681,7 +681,7 @@ RSpec.describe UsersController do
     end
 
     context 'when the rate limit has been reached' do
-      it 'returns JSON indicating the user exists', :aggregate_failures do
+      it 'returns status 429 Too Many Requests', :aggregate_failures do
         ip = '1.2.3.4'
         expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:username_exists, scope: ip).and_return(true)