Rationalise ratelimit exemption rules.

Make it clearer as to what the rule does.

terraform/projects/infra-public-wafs/cache_public_rule.tf

@@ -31,12 +31,12 @@ resource "aws_wafv2_ip_set" "govuk_requesting_ips" {
   addresses          = concat(var.traffic_replay_ips, local.nat_gateway_ips, var.eks_egress_ips)
 }
 
-resource "aws_wafv2_ip_set" "external_partner_ips" {
-  name               = "external_partner_ips"
-  description        = "The IP addresses are used by our partners."
+resource "aws_wafv2_ip_set" "high_request_rate" {
+  name               = "high_request_rate"
+  description        = "Source addresses from which we allow a higher ratelimit."
   scope              = "REGIONAL"
   ip_address_version = "IPV4"
-  addresses          = var.allow_external_ips
+  addresses          = var.allow_high_request_rate_from_cidrs
 }
 
 resource "aws_cloudwatch_log_group" "public_cache_waf" {

terraform/projects/infra-public-wafs/variables.tf

@@ -105,9 +105,9 @@ variable "eks_egress_ips" {
   description = "An array of CIDR blocks for the corresponding EKS environment's NAT gateway IPs"
 }
 
-variable "allow_external_ips" {
+variable "allow_high_request_rate_from_cidrs" {
   type        = list(string)
-  description = "An array of CIDR blocks that are our partners using to send traffic to us"
+  description = "Source IP netblocks from which we allow a higher rate of requests."
 }
 
 variable "waf_log_retention_days" {