Because I didn't see any other posts that specifically asked this question phrased in this way, I thought I might ask.
An example of "too many requests" might be a malicious user altering the client-side code so that it creates a new user (stored in Firecloud) as frequently as possible.
Like Frank van Puffelen pointed out, this has already been answered and is found here: How do I implement a write rate limit in Cloud Firestore security rules?
The keywords used in this post are different than the one used in the post linked above, so I feel like it's worth it to keep this post around just in case someone gets here via a Google search using these keywords.