Security: Add rate limiting to internal Lambda API endpoints (#5113)

Apply UserRateThrottle to Lambda-authenticated challenge endpoints that
previously had throttling disabled.

Co-authored-by: Cursor Agent <cursoragent@cursor.com>

Author: RishabhJain2018

apps/challenges/views.py

@@ -5507,7 +5507,7 @@ def _authenticate_lambda_request(request):
 
 
 @api_view(["GET"])
-@throttle_classes([])
+@throttle_classes([UserRateThrottle])
 @permission_classes(())
 @authentication_classes(())
 def get_challenge_autoscale_meta(request, challenge_pk):
@@ -5555,7 +5555,7 @@ def get_challenge_autoscale_meta(request, challenge_pk):
 
 
 @api_view(["GET"])
-@throttle_classes([])
+@throttle_classes([UserRateThrottle])
 @permission_classes(())
 @authentication_classes(())
 def get_challenge_pending_submission_count(request, challenge_pk):