[TT-11927] [poc]implement ratelimit smoothing

[jeffy-mathew]

Description

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

[github-actions]

API Changes

--- prev.txt	2024-04-27 21:49:11.072140126 +0000
+++ current.txt	2024-04-27 21:49:08.180140924 +0000
@@ -5621,6 +5621,9 @@
 
 	// Controls which algorthm to use as a fallback when your distributed rate limiter can't be used.
 	DRLEnableSentinelRateLimiter bool `json:"drl_enable_sentinel_rate_limiter"`
+
+	// EnableRateLimitSmoothing enables rate limit smoothing.
+	EnableRateLimitSmoothing bool `json:"enable_rate_limit_smoothing"`
 }
     RateLimit contains flags and configuration for controlling rate limiting
     behaviour. It is embedded in the main config structure.
@@ -6788,6 +6791,7 @@
 	EventTokenCreated         apidef.TykEvent = "TokenCreated"
 	EventTokenUpdated         apidef.TykEvent = "TokenUpdated"
 	EventTokenDeleted         apidef.TykEvent = "TokenDeleted"
+	EventRateLimitingSmoothed apidef.TykEvent = "RateLimitSmoothing"
 )
     Register new event types here, the string is the code used to hook at the
     Api Deifnititon JSON/BSON level
@@ -8424,6 +8428,8 @@
 
 func (l *LDAPStorageHandler) LoadConfFromMeta(meta map[string]interface{})
 
+func (l LDAPStorageHandler) Lock(string, time.Duration) (bool, error)
+
 func (l LDAPStorageHandler) RemoveFromList(keyName, value string) error
 
 func (l LDAPStorageHandler) RemoveFromSet(keyName, value string)
@@ -8881,6 +8887,8 @@
 
 func (r RPCStorageHandler) IsRetriableError(err error) bool
 
+func (r *RPCStorageHandler) Lock(key string, timeout time.Duration) (bool, error)
+
 func (r *RPCStorageHandler) ProcessKeySpaceChanges(keys []string, orgId string)
     ProcessKeySpaceChanges receives an array of keys to be processed,
     those keys are considered changes in the keyspace in the management layer,
@@ -9450,12 +9458,15 @@
 
 func (l *SessionLimiter) Context() context.Context
 
-func (l *SessionLimiter) ForwardMessage(r *http.Request, currentSession *user.SessionState, rateLimitKey string, quotaKey string, store storage.Handler, enableRL, enableQ bool, globalConf *config.Config, api *APISpec, dryRun bool) sessionFailReason
+func (l *SessionLimiter) ForwardMessage(r *http.Request, currentSession *user.SessionState,
+	rateLimitKey string, quotaKey string, store storage.Handler, enableRL, enableQ bool,
+	globalConf *config.Config, api *APISpec, dryRun bool) sessionFailReason
     ForwardMessage will enforce rate limiting, returning a non-zero
     sessionFailReason if session limits have been exceeded. Key values to manage
     rate are Rate and Per, e.g. Rate of 10 messages Per 10 seconds
 
-func (l *SessionLimiter) RedisQuotaExceeded(r *http.Request, currentSession *user.SessionState, quotaKey, scope string, limit *user.APILimit, store storage.Handler, hashKeys bool) bool
+func (l *SessionLimiter) RedisQuotaExceeded(r *http.Request, currentSession *user.SessionState, quotaKey, scope string,
+	limit *user.APILimit, store storage.Handler, hashKeys bool) bool
 
 type SlaveDataCenter struct {
 	SlaveOptions config.SlaveOptionsConfig
@@ -10803,6 +10814,7 @@
 	RemoveFromList(string, string) error
 	AppendToSet(string, string)
 	Exists(string) (bool, error)
+	Lock(string, time.Duration) (bool, error)
 }
     Handler is a standard interface to a storage backend, used by
     AuthorisationManager to read and write key values to the backend
@@ -10865,6 +10877,8 @@
 
 func (m MdcbStorage) IncrememntWithExpire(string, int64) int64
 
+func (m MdcbStorage) Lock(key string, timeout time.Duration) (bool, error)
+
 func (m MdcbStorage) RemoveFromList(key string, value string) error
 
 func (m MdcbStorage) RemoveFromSet(key string, value string)
@@ -11611,6 +11625,9 @@
 	QuotaRemaining     int64   `json:"quota_remaining" msg:"quota_remaining"`
 	QuotaRenewalRate   int64   `json:"quota_renewal_rate" msg:"quota_renewal_rate"`
 	SetBy              string  `json:"-" msg:"-"`
+
+	// smoothing related configuration
+	Smoothing *RateLimitSmoothing `json:"smoothing,omitempty" msg:"smoothing,omitempty"`
 }
     APILimit stores quota and rate limit on ACL level (per API)
 
@@ -11702,6 +11719,14 @@
 	PerAPI     bool `bson:"per_api" json:"per_api"`
 }
 
+type RateLimitSmoothing struct {
+	Rate             int64   `json:"rate"`
+	Interval         int64   `json:"interval"`
+	Threshold        int64   `json:"threshold"`
+	Trigger          float64 `json:"trigger"`
+	CurrentAllowance int64   `json:"currentAllowance"`
+}
+
 type SessionState struct {
 	LastCheck                     int64                       `json:"last_check" msg:"last_check"`
 	Allowance                     float64                     `json:"allowance" msg:"allowance"`
@@ -11744,6 +11769,9 @@
 	SessionLifetime         int64                  `bson:"session_lifetime" json:"session_lifetime"`
 
 	KeyID string `json:"-"`
+
+	// smoothing related configuration
+	Smoothing *RateLimitSmoothing `json:"smoothing,omitempty" msg:"smoothing,omitempty"`
 	// Has unexported fields.
 }
     SessionState objects represent a current API session, mainly used