Document GitHub API rate limit considerations

We're using unauthenticated API requests to GitHub which is subject to a tighter rate limit than an authenticated rate limit. In normal usage, this isn't a problem, but it's possible to spam update requests and get rate limited. We should make sure to document this.