fix(www): add burst to simulate 1s rate limit buckets, closes #304

nginx determines rate limiting with 1ms resolution, see
https://www.nginx.com/blog/rate-limiting-nginx/#Configuring-Basic-Rate-Limiting

As a consequence, if no burst is configured, a minimum interval
equal to the inverse rate is required; requests coming in earler
are rejected. For example, if the rate is 30r/s, only one request
is allowed every 33ms. Configuring a burst of 29 will cause
rejection of requests only for those that are actually in excess
of the rate per second.

www/conf/sites-available/90-desec.api.location.var

@@ -2,7 +2,8 @@
 # Pass API requests to an API server
 ######
 location /api/ {
-    ${PROD_ONLY} limit_req zone=perip-api;
+    # burst=29 is because the rate is 30r/s, and we want to queue no more than one second
+    ${PROD_ONLY} limit_req zone=perip-api burst=29;
 
     expires epoch;
     etag off;