Ratelimit window creation requests

[Technifocal]

Description of the Feature or Idea

Ratelimit the speed at which sites can create getInfo()/sendInvoice()/makeInvoice() requests if they require opening a window (for example, getInfo(), if pre-approved, should not be ratelimited). In testing, a buggy/malicious site can easily open tens or hundreds of windows.

Existing Example(s) of Feature

Here is an example piece of code to trigger the malicious action:

<html>
	<header>
		<script src="https://unpkg.com/[email protected]/dist/webln.min.js" integrity="sha384-mTReBqbhPO7ljQeIoFaD1NYS2KiYMwFJhUNpdwLj+VIuhhjvHQlZ1XpwzAvd93nQ" crossorigin="anonymous"></script>
		<script>
			async function alertInvoice() {
				var webln = await WebLN.requestProvider();
				var weblnbolt11 = await webln.makeInvoice({defaultAmount: "5", minimumAmount: "1", maximumAmount: "10"});
			}
		</script>
	</header>
	<body>
		<input type="button" onclick="for(var i = 0; i < 15; i++) {alertInvoice();}" value="Click me!" />
	</body>
</html>

[wbobeirne]

This should be pretty simple to auto-reject if they call it more than say 2 times per second. Thanks for the test case!