Add unauthenticated concurrency limit

It's useful to treat unauthenticated requests different from authenticated ones. Let's add a section in the concurrency limiter config that allows this.

This MR also makes changes to the middleware handler as well as the pack objects function to treat authenticated and unauthenticated requests differently.