The current rate limiting implementation applies limit per user. It would be useful to extend this to be able to provide additional rate limiting checks that apply to specific projects or repositories (or even specific non-personal HTTP access tokens), regardless (or in addition to) which user is making the request.

This could involve expanding the existing rate limiting UI to allow creating exemptions and tracking history for rate limiting of non-personal HTTP access tokens (which are currently rate limited by default settings only).