Abuse mitigation ideas #4890

@carols10cents

This issue is for brainstorming ways that we could prevent users creating many new crates by using a script, rather than the current method that is banning the account when we notice someone is already doing this.

  • The GitHub API response for the request to /user does return created_at, meaning when the GitHub account was created. We could use this to restrict what new GitHub accounts are able to do, such as only allowing X new crates published until the account is Y days/months old, or making the rate limit for new crates created by new GitHub accounts something very low (1 new crate per day?)
  • If we implement the crates-as-namespaces RFC, we could make the rate limit for top-level crates something very low (1 new crate per day?) but then lift the rate limit on creating subcrates entirely.
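
A sketch of the first idea, added here as an example and not taken from the issue or from the crates.io code base: an age-tiered limit on new crates keyed on GitHub's `created_at`. The 30-day cutoff, the limit of 10 for older accounts, and all function and constant names are assumptions.

```rust
// Added illustration, not crates.io code. Thresholds and names are assumptions.
const DAY: i64 = 86_400;
const NEW_ACCOUNT_AGE_DAYS: i64 = 30; // the issue's "Y"; value assumed
const NEW_ACCOUNT_DAILY_LIMIT: usize = 1; // "1 new crate per day?"
const ESTABLISHED_DAILY_LIMIT: usize = 10; // assumed

#[derive(Debug, PartialEq)]
enum Decision { Allow, Deny { retry_after_secs: i64 } }

/// Parse GitHub's `created_at` form ("2024-01-01T00:00:00Z") into Unix seconds.
fn parse_github_ts(s: &str) -> Option<i64> {
    let b = s.as_bytes();
    let seps = [(4, b'-'), (7, b'-'), (10, b'T'), (13, b':'), (16, b':'), (19, b'Z')];
    if b.len() != 20 || seps.iter().any(|&(i, c)| b[i] != c) { return None; }
    let n = |r: std::ops::Range<usize>| -> Option<i64> {
        let t = s.get(r)?;
        if t.bytes().all(|c| c.is_ascii_digit()) { t.parse::<i64>().ok() } else { None }
    };
    let (y, m, d) = (n(0..4)?, n(5..7)?, n(8..10)?);
    let (h, mi, sec) = (n(11..13)?, n(14..16)?, n(17..19)?);
    if !(1..=12).contains(&m) || !(1..=31).contains(&d) || h > 23 || mi > 59 || sec > 59 { return None; }
    // Civil date to days since 1970-01-01 (Howard Hinnant's days_from_civil).
    let y = if m <= 2 { y - 1 } else { y };
    let (era, yoe) = (y.div_euclid(400), y.rem_euclid(400));
    let doy = (153 * ((m + 9) % 12) + 2) / 5 + d - 1;
    let days = era * 146_097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719_468;
    Some(days * DAY + h * 3600 + mi * 60 + sec)
}

/// `new_crate_times`: Unix times at which this account published a brand-new crate.
fn check_new_crate(created_at: &str, now: i64, new_crate_times: &[i64]) -> Decision {
    // Fail closed: a missing, malformed or future created_at counts as a new account.
    let age = parse_github_ts(created_at).map(|t| now - t).filter(|a| *a >= 0).unwrap_or(0);
    let limit = if age < NEW_ACCOUNT_AGE_DAYS * DAY { NEW_ACCOUNT_DAILY_LIMIT } else { ESTABLISHED_DAILY_LIMIT };
    let mut window: Vec<i64> = new_crate_times.iter().copied().filter(|t| *t > now - DAY && *t <= now).collect();
    if window.len() < limit { return Decision::Allow; }
    window.sort_unstable();
    // A slot frees once the publish at this index ages out of the 24-hour window.
    let blocking = window[window.len() - limit];
    Decision::Deny { retry_after_secs: blocking + DAY - now }
}

fn main() {
    let now = 1_704_240_000; // constructed: 2024-01-03T00:00:00Z
    println!("{:?}", check_new_crate("2024-01-01T00:00:00Z", now, &[now - 3600]));
    println!("{:?}", check_new_crate("2020-01-01T00:00:00Z", now, &[now - 3600]));
}
```

The limit only counts publishes that create a new crate name, so version updates to existing crates are unaffected.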
