[token-server] Make sure we are rate limiting by client IP address

Description

[token-server] Make sure we are rate limiting by client IP address

Summary:
Because token-server is deployed on docker, req.ip is the address of the actual server and the address of the client making an API endpoint request (e.g. for a token reward or a Cashtab reward).

So, right now, the rate limiting "works" -- but it rate limits all users instead of by IP address of individual users. This is causing normal users to get rate limit errors.

Ref https://stackoverflow.com/questions/62494060/express-rate-limit-not-working-when-deployed-to-heroku

Test Plan: Will need to review logs on deployed instance. Have confirmed can still run this locally.

Reviewers: #bitcoin_abc, johnkuney

Reviewed By: #bitcoin_abc, johnkuney

Differential Revision: https://reviews.bitcoinabc.org/D16732
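The effect described in the summary, as an added example that is not code from this commit or from token-server: a limiter keyed on the socket peer puts every client in one bucket, while resolving the client address from `X-Forwarded-For` with a fixed number of trusted hops restores per-client limits. The helper names, the single-proxy topology (a proxy that appends the peer address to `X-Forwarded-For`) and all addresses are assumptions constructed for illustration; `clientIp` mirrors the hop-count form of Express's `trust proxy` setting.

```javascript
// Added example; names and addresses are constructed, not taken from token-server.

// Resolve the client address the way a hop-count "trust proxy" setting does:
// walk from the socket peer through X-Forwarded-For right to left, skip the
// hops we operate, and take the first address beyond them.
function clientIp(socketAddr, xForwardedFor, trustedHops) {
  const forwarded = (xForwardedFor || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean)
    .reverse();
  const chain = [socketAddr, ...forwarded];
  return chain[Math.min(trustedHops, chain.length - 1)];
}

// Minimal fixed-window limiter keyed by an arbitrary string.
function makeLimiter(max, windowMs) {
  const hits = new Map();
  return function allow(key, now) {
    const entry = hits.get(key);
    if (!entry || now - entry.start >= windowMs) {
      hits.set(key, { start: now, count: 1 });
      return true;
    }
    entry.count += 1;
    return entry.count <= max;
  };
}

// Constructed traffic: every request reaches the app from the same proxy address.
const PROXY = '172.17.0.1';
const requests = [
  { socket: PROXY, xff: '203.0.113.10' },
  { socket: PROXY, xff: '203.0.113.10' },
  { socket: PROXY, xff: '198.51.100.7' },
  // This client sent its own X-Forwarded-For; the proxy appended the real peer.
  { socket: PROXY, xff: '10.9.9.9, 198.51.100.7' },
];

// Replay the traffic with a limit of `max` requests per key per minute.
function simulate(trustedHops, max) {
  const allow = makeLimiter(max, 60000);
  return requests.map((r) => allow(clientIp(r.socket, r.xff, trustedHops), 0));
}

console.log('hops=0 (key is the proxy):', simulate(0, 2));
console.log('hops=1 (key is the client):', simulate(1, 2));
```

Trusting more hops than are actually deployed makes the key client-controlled: with `trustedHops = 2` the last request resolves to the client-supplied `10.9.9.9`, so the hop count has to match the real proxy chain.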

Details

Provenance
bytesofman Authored on Sep 6 2024, 16:09
bytesofman Pushed on Sep 6 2024, 16:46
Reviewer
Restricted Project
Differential Revision
D16732: [token-server] Make sure we are rate limiting by client IP address
Parents
rABC241cae514ecc: [electrum] remove misleading LIBSECP_COMMIT var