
Fraud spam logging

Kez requested to merge fraud-spam-logging into staging

Set up in-application rate limiting using Redis and fail2ban.

Context: tpo/web/donate-static#115

This MR is blocked, waiting on fail2ban to be configured on crm-ext-01 (patch waiting for review in tpo/web/donate-static#115). fail2ban is now configured on crm-ext-01 via Puppet; just waiting for this MR to be reviewed.

When the frontend hits the /process-stripe endpoint, the backend runs the checkRatelimit method. This method uses fixed-window limiting with Redis, taken from the Redis docs. When a user makes more than 5 charges (failed or succeeded) in 10 seconds, the application logs to a ratelimit log, which would be processed by fail2ban. User identifiers are stored as an HMAC with a secret key instead of being stored in cleartext.
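The flow described above, as an added worked example that is not the project's code: a fixed-window limiter built on INCR plus EXPIRE (the pattern from the Redis docs), an HMAC-SHA256 token in place of the cleartext identifier, and a log line for the limiter-exceeded event together with the filter-side regex that would select it. Everything here is an assumption for illustration: `FakeRedis` and `FakeClock` are in-memory stand-ins so the example runs offline, the log line format and the `ratelimit:` key prefix are invented, and the secret and identifier are constructed sample values.

```python
import hashlib
import hmac
import re
import time

# Fixed-window parameters as stated in the MR description.
WINDOW_SECONDS = 10
MAX_CHARGES = 5

# Assumed log line format (the real one is not on the page). Only the HMAC
# token appears, never the cleartext identifier. A real line would also carry
# a timestamp in a format fail2ban's date parser understands.
LOG_PATTERN = re.compile(
    r"ratelimit exceeded token=(?P<token>[0-9a-f]{64}) count=(?P<count>\d+)"
)


class FakeClock:
    """Controllable clock so the window expiry can be exercised offline."""

    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class FakeRedis:
    """Constructed in-memory stand-in for the two Redis commands the
    fixed-window pattern needs (INCR and EXPIRE). Not the project's store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._data = {}  # key -> [count, expiry timestamp or None]

    def _live(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        if entry[1] is not None and self._clock() >= entry[1]:
            del self._data[key]  # lazy expiry, as Redis does
            return None
        return entry

    def incr(self, key):
        entry = self._live(key)
        if entry is None:
            self._data[key] = [1, None]
            return 1
        entry[0] += 1
        return entry[0]

    def expire(self, key, seconds):
        entry = self._live(key)
        if entry is None:
            return False
        entry[1] = self._clock() + seconds
        return True


def user_token(secret: bytes, identifier: str) -> str:
    """HMAC-SHA256 of the identifier; only this token is stored or logged."""
    return hmac.new(secret, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def check_ratelimit(store, secret: bytes, identifier: str, log: list) -> bool:
    """Fixed-window limiter: INCR, and EXPIRE on the first hit of a window.

    Returns True when the charge attempt may proceed. Every attempt counts,
    failed or successful. Past MAX_CHARGES in a window a line is appended to
    `log` for fail2ban to pick up.
    """
    key = "ratelimit:" + user_token(secret, identifier)  # assumed key prefix
    count = store.incr(key)
    if count == 1:
        # With real Redis, wrap INCR+EXPIRE in MULTI/EXEC so a crash between
        # the two commands cannot leave a counter that never expires.
        store.expire(key, WINDOW_SECONDS)
    if count > MAX_CHARGES:
        log.append(f"ratelimit exceeded token={key[len('ratelimit:'):]} count={count}")
        return False
    return True


def offending_tokens(log_lines):
    """Filter side: select lines the way a fail2ban failregex would (here with
    a plain Python regex) and return the token from each match."""
    return [m.group("token") for m in map(LOG_PATTERN.search, log_lines) if m]


def run_scenario():
    """Seven attempts in one window, then one more after the window expires."""
    clock = FakeClock()
    store = FakeRedis(clock)
    log = []
    secret = b"constructed-example-secret"  # would come from config in practice
    ident = "donor@example.org"             # constructed sample identifier
    first_window = [check_ratelimit(store, secret, ident, log) for _ in range(7)]
    clock.advance(WINDOW_SECONDS)           # counter key has now expired
    after_window = check_ratelimit(store, secret, ident, log)
    return {"first_window": first_window, "after_window": after_window, "log": log}


if __name__ == "__main__":
    print(run_scenario())
```

The scenario allows the first five attempts, refuses the sixth and seventh (each producing a log line), and allows a fresh attempt once the 10-second key has expired. Note the usual fixed-window caveat: a burst straddling the boundary between two windows can reach nearly twice MAX_CHARGES in just over 10 seconds; a sliding window closes that gap at the cost of more Redis state.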

Edited by Kez
