FIX: return 429 when admin api key is limited on admin route

This also handles a general case where exceptions leak out prior to being handled by the application controller

spec/controllers/list_controller_spec.rb

@@ -297,7 +297,8 @@ describe ListController do
 
   context 'read' do
     it 'raises an error when not logged in' do
-      expect { get :read }.to raise_error(Discourse::NotLoggedIn)
+      get :read
+      expect(response.status).to eq(404)
     end
 
     context 'when logged in' do