Contain search for unauthenticated users and rate limit searches
We need to contain searching to local users for unauthenticated users. To enable certain usecases, such as archival instances, this should be a configurable option that is default enabled.
We also need to configure rate limits on all API calls (but especially searches) for unauthenticated users.