remove rate limit from create_user endpoint

closes #2509

nginx will still apply a higher rate limit so we are still protected.

also a request will get denied quickly if it doesn't supply the correct secret.

i moved the secret check above the logger line so that we can't get logspammed.