chore(ruff): use names not magic numbers.

This one names the 32 chars as being equivalent to 256 bytes

Also adds the missing http_.client.TOO_MANY_REQUESTS under python 2 to
http_. It allows me to use a symbolic name and not have to touch
client.py code when I remove python2 support from http_.

Also the prior checkin had a bogus commit message. Sigh, time to step
away from the computer today 8-). It replaced a magic number with
MAX_MIME_EXTENSION_LENGTH which was set to a better magic number
derived by parsing extensions in /etc/mime.types.

roundup/anypy/http_.py

@@ -5,3 +5,4 @@
     # Python 2.5-2.7
     import BaseHTTPServer as server  # noqa: F401
     import httplib as client  # noqa: F401
+    client.TOO_MANY_REQUESTS = 429

roundup/cgi/client.py

@@ -709,9 +709,8 @@ def handle_rest(self):
             return
         except RateLimitExceeded as err:
             output = s2b("%s" % str(err))
-            # PYTHON2:FIXME http_.client.TOO_MANY_REQUESTS missing
-            # python2 so use numeric code.
-            self.reject_request(output, status=429)
+            self.reject_request(output,
+                                status=http_.client.TOO_MANY_REQUESTS)
             return
 
         # verify Origin is allowed on all requests including GET.
@@ -1156,7 +1155,8 @@ def authenticate_bearer_token(self, challenge):
         # If second or later tokens are < 32 chars, the config system
         # stops the tracker from starting so insecure tokens can not
         # be used.
-        if len(self.db.config.WEB_JWT_SECRET[0]) < 32:
+        CHARS_FOR_256_BIT_KEY = 32
+        if len(self.db.config.WEB_JWT_SECRET[0]) < CHARS_FOR_256_BIT_KEY:
             # no support for jwt, this is fine.
             self.setHeader("WWW-Authenticate", "Basic")
             raise LoginError('Support for jwt disabled by admin.')