Set Retry-After header when RackAttack throttling

Fixes https://gitlab.com/gitlab-org/gitlab/-/issues/287602.  Our
documentation claims we set this header, but we do not.  Some of our
client libraries (python-gitlab for example) will use it to make better
choices about back-off

changelogs/unreleased/add-retry-after-header-rackattack.yml

+---
+title: Set Retry-After header when RackAttack throttling
+merge_request: 48310
+author:
+type: fixed

ee/spec/lib/gitlab/rack_attack_spec.rb

@@ -11,6 +11,7 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do
       stub_const("Rack::Attack", fake_rack_attack)
       stub_const("Rack::Attack::Request", fake_rack_attack_request)
 
+      expect(fake_rack_attack).to receive(:throttled_response_retry_after_header=).with(true)
       allow(fake_rack_attack).to receive(:throttle)
       allow(fake_rack_attack).to receive(:track)
       allow(fake_rack_attack).to receive(:safelist)

lib/gitlab/rack_attack.rb

@@ -7,6 +7,8 @@ module Gitlab
     def self.configure(rack_attack)
       # This adds some methods used by our throttles to the `Rack::Request`
       rack_attack::Request.include(Gitlab::RackAttack::Request)
+      # Send the Retry-After header so clients (e.g. python-gitlab) can make good choices about delays
+      Rack::Attack.throttled_response_retry_after_header = true
       # Configure the throttles
       configure_throttles(rack_attack)
     end

spec/lib/gitlab/rack_attack_spec.rb

@@ -22,6 +22,8 @@ RSpec.describe Gitlab::RackAttack, :aggregate_failures do
       stub_const("Rack::Attack", fake_rack_attack)
       stub_const("Rack::Attack::Request", fake_rack_attack_request)
 
+      # Expect rather than just allow, because this is actually fairly important functionality
+      expect(fake_rack_attack).to receive(:throttled_response_retry_after_header=).with(true)
       allow(fake_rack_attack).to receive(:throttle)
       allow(fake_rack_attack).to receive(:track)
       allow(fake_rack_attack).to receive(:safelist)