Rate limiting based on response status codes

Extend XC WAAP to support rate limiting based on response status codes, not only on request matching.

Today, rate limiting only counts incoming requests. We propose allowing rate limits to be applied based on response codes (e.g. 403) as well, and enforcing a block once the threshold is surpassed, either by returning HTTP 429 Too Many Requests or by temporarily or permanently blocking the user (configurable by the administrator).

Use case example:
Prevent users from generating more than a defined number of 403 authentication responses (or other response codes) within a given period. Once the limit is exceeded, subsequent requests to the endpoint should be blocked, regardless of the response they would otherwise produce (HTTP 429, a temporary block, or a permanent block).
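The behaviour proposed above, worked through as an added Python sketch (not XC WAAP code): a per-client sliding window counts only responses whose status matches the configured codes, and once the threshold is reached within the window the configured action (429, temporary block, or permanent block) refuses the client's requests before they reach the origin. Client identifiers, status codes and timestamps are constructed, and the current time is passed in explicitly so the logic is deterministic.

```python
from collections import defaultdict, deque

class ResponseCodeRateLimiter:
    """Sliding-window rate limit keyed on response status codes (constructed sketch)."""

    def __init__(self, status_codes, threshold, window_s, action="429", block_s=None):
        # action: "429"        -> refuse with 429 while the window holds >= threshold hits
        #         "temp_block" -> refuse for block_s seconds once the threshold is hit
        #         "perm_block" -> refuse until an administrator calls clear()
        assert action in ("429", "temp_block", "perm_block")
        self.codes = set(status_codes)
        self.threshold, self.window_s = threshold, window_s
        self.action, self.block_s = action, block_s
        self.hits = defaultdict(deque)  # client -> timestamps of matching responses
        self.blocked_until = {}         # client -> block expiry (inf = permanent)

    def _prune(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window_s:
            q.popleft()

    def check_request(self, client, now):
        """Run before proxying; returns (allowed, reason). A refused request never
        reaches the origin, whatever status it would otherwise have produced."""
        until = self.blocked_until.get(client)
        if until is not None:
            if now < until:
                return False, "blocked"
            del self.blocked_until[client]  # temporary block has expired
        if self.action == "429":
            self._prune(client, now)
            if len(self.hits[client]) >= self.threshold:
                return False, "429"
        return True, "ok"

    def observe_response(self, client, status, now):
        """Run on the origin's response; only the configured codes (e.g. 403) count."""
        if status not in self.codes:
            return
        self._prune(client, now)
        self.hits[client].append(now)
        if self.action != "429" and len(self.hits[client]) >= self.threshold:
            expiry = now + self.block_s if self.action == "temp_block" else float("inf")
            self.blocked_until[client] = expiry

    def clear(self, client):
        """Administrator action: lift a block and reset the client's counter."""
        self.blocked_until.pop(client, None)
        self.hits.pop(client, None)
```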

  • Matthieu Dierick
  • Dec 18 2025