lastuser
Autocomplete API shouldn't allow search by email address
The search by email feature can be abused to discover user accounts and should not be allowed. However, because it is also an extremely convenient feature when checking for a colleague's account on Hasjob, it should be:
- Allowed for trusted apps calling the API
- Allowed for users calling the endpoint via a client app's front-end, with a rate limit
For a use case like Hasjob, a rate limit of 10 users retrieved per hour (and not 10 API calls) seems appropriate. This is critical because the autocomplete API works on keystrokes, so a single query can result in multiple calls.
One caveat is that constructing teams within Lastuser will be affected as more than 10 users may be put together at once.
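The proposal above distinguishes a budget on users *revealed* per hour from a budget on API calls, because autocomplete fires on every keystroke. The following is an added example, not Lastuser's or Hasjob's own code, showing one way to implement that distinction: a sliding-window limiter that charges a caller only the first time a given user appears in their results, lets trusted apps bypass it, and makes the quota a parameter so a larger budget could be granted where team construction needs it. The user directory, caller identifiers, the `hasjob` trusted-app name and the fake clock are all constructed for illustration.

```python
"""Rate-limit an email-autocomplete endpoint by distinct users revealed per
hour rather than by API calls.  Added example; not Lastuser's own code."""
import time
from collections import defaultdict

# Constructed sample directory (email -> user id); not real accounts.
USERS = {
    "alice@example.com": "u1", "alicia@example.com": "u2",
    "albert@example.com": "u3", "alan@example.com": "u4",
    "bob@example.com": "u5", "bobby@example.com": "u6",
    "carol@example.com": "u7", "carla@example.com": "u8",
    "dave@example.com": "u9", "dana@example.com": "u10",
    "erin@example.com": "u11", "eve@example.com": "u12",
    "frank@example.com": "u13",
}

WINDOW_SECONDS = 3600
DEFAULT_QUOTA = 10          # users revealed per window per caller, as proposed
TRUSTED_APPS = {"hasjob"}   # hypothetical identifiers of trusted client apps
MIN_PREFIX = 3              # refuse to enumerate on one or two characters


class RevealBudget:
    """Sliding-window budget on distinct user ids revealed to a caller.

    Keystrokes 'ali' -> 'alic' -> 'alice' return the same user repeatedly; a
    per-call quota of 10 would be spent on a single name, so only the first
    reveal of each user inside the window is charged."""

    def __init__(self, quota=DEFAULT_QUOTA, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.quota = quota
        self.window = window
        self.clock = clock
        self._revealed = defaultdict(dict)  # caller -> {user_id: reveal_time}

    def _live(self, caller, now):
        """Drop reveals older than the window and return the live ones."""
        live = self._revealed[caller]
        for uid, t in list(live.items()):
            if now - t >= self.window:
                del live[uid]
        return live

    def filter(self, caller, candidates):
        """Return the candidates this caller may see right now.

        Already-revealed users are free; new ones consume budget until the
        quota is exhausted, after which they are silently dropped so the
        response stays well-formed and leaks nothing further."""
        now = self.clock()
        live = self._live(caller, now)
        remaining = self.quota - len(live)
        allowed = []
        for uid in candidates:
            if uid in live:
                allowed.append(uid)
            elif remaining > 0:
                live[uid] = now
                remaining -= 1
                allowed.append(uid)
        return allowed


def autocomplete(query, caller, budget, trusted_app=None):
    """Prefix search on email addresses with the reveal budget applied."""
    q = query.lower()
    if len(q) < MIN_PREFIX:
        return []
    matches = [uid for email, uid in sorted(USERS.items()) if email.startswith(q)]
    if trusted_app in TRUSTED_APPS:
        return matches          # trusted apps calling the API are not limited
    return budget.filter(caller, matches)


class FakeClock:
    """Constructed clock so the hourly window can be advanced deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Walk one caller through a typical keystroke session and return results."""
    clock = FakeClock()
    budget = RevealBudget(clock=clock)
    out = {}
    out["ali"] = autocomplete("ali", "caller-1", budget)       # charges 2
    out["alic"] = autocomplete("alic", "caller-1", budget)     # same users, free
    out["al"] = autocomplete("al", "caller-1", budget)         # too short
    for q in ("bob", "car", "dav", "dan", "eri", "eve"):       # reaches 10
        out[q] = autocomplete(q, "caller-1", budget)
    out["fra_exhausted"] = autocomplete("fra", "caller-1", budget)
    out["ali_again"] = autocomplete("ali", "caller-1", budget)
    out["fra_trusted"] = autocomplete("fra", "caller-2", budget, trusted_app="hasjob")
    clock.advance(WINDOW_SECONDS + 1)
    out["fra_next_hour"] = autocomplete("fra", "caller-1", budget)
    return out
```

Charging per distinct user revealed also bounds what a single caller can harvest in an hour independent of how many times they type, which is the property the proposal is after. The quota argument is where the team-construction caveat would be handled, either by raising it for the team-management UI or by routing that UI through the trusted-app path; which of those fits Lastuser is an assumption, not something this issue decides.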