Add a connlimit stanza to the firewall rules on Gerrit servers
limiting access to its SSH API port to 100 concurrent connections
per source IP address. This has been running in production on
review.openstack.org for a few months now, in the wake of a number
of incidents where runaway third-part CI systems resulted in a
denial of service incidents for our Gerrit deployment there.
Change-Id: Id92cef93c115faf88cc822ecd8e3df9ebd6fd9c3
c5db057901