Apikey identity toolkit quota not tightened

For applications using password-based Firebase Authentication, the default quota for the identitytoolkit.googleapis.com API endpoint has not been tightened. This can leave the application more susceptible to large-scale brute-force or credential stuffing attacks.