Hey, so I was thinking about this thing I need help with. I've been working on our
Django REST API for the past few weeks and it's getting really messy. Can you help me
refactor the authentication module? Here's the current code:

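```python
import jwt  # PyJWT
from django.conf import settings
from django.contrib.auth import get_user_model

SECRET_KEY = settings.SECRET_KEY  # assumption: read from Django settings
User = get_user_model()  # assumption: the project's configured user model


def authenticate_user(request):
    token = request.headers.get('Authorization', '').replace('Bearer ', '')
    if not token:
        return None
    try:
        # Verify the HS256 signature and expiry, then load the referenced user
        payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
        user = User.objects.get(id=payload['user_id'])
        return user
    except (jwt.ExpiredSignatureError, jwt.InvalidTokenError, User.DoesNotExist):
        # Every listed failure returns None and nothing is logged
        return None
```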

The main issues I see are:
- No logging when auth fails (we can't debug production issues)
- SECRET_KEY is imported from settings but not validated at startup
- No rate limiting on repeated auth failures
- The except clause is too broad (swallows too many errors silently)

Please refactor this so it's production-ready. I don't want you to change the
function signature though — other parts of the codebase depend on it. Also don't
add any third-party auth libraries since we're trying to keep dependencies minimal.
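
Added example, not part of the original message or the project's code: a standard-library sketch covering three of the listed issues (failure logging, throttling repeated failures, and a startup key check) by wrapping `authenticate_user(request)` so its signature stays the same. The names `validate_secret_key`, `client_id`, `limit_auth_failures` and the threshold values are hypothetical, and it assumes `request.META['REMOTE_ADDR']` identifies the client.

```python
import logging
import time
from collections import defaultdict, deque
from functools import wraps

logger = logging.getLogger("auth")
MAX_FAILURES = 5      # assumed policy: failures tolerated per window
WINDOW_SECONDS = 300  # assumed policy: sliding window length
MIN_KEY_BYTES = 32    # HS256 keys should be at least 256 bits long
_failures = defaultdict(deque)  # client -> timestamps of recent failures


def validate_secret_key(key):
    """Call once at startup so a missing or short key fails fast."""
    raw = key.encode() if isinstance(key, str) else key
    if not isinstance(raw, bytes) or len(raw) < MIN_KEY_BYTES:
        raise RuntimeError("signing key must be at least %d bytes" % MIN_KEY_BYTES)
    return key


def client_id(request):
    # Assumption: REMOTE_ADDR is set by the server or a trusted proxy.
    return request.META.get("REMOTE_ADDR", "unknown")


def limit_auth_failures(auth_func, clock=time.monotonic):
    """Wrap authenticate_user(request) without changing its signature."""
    @wraps(auth_func)
    def wrapper(request):
        who, now = client_id(request), clock()
        recent = _failures[who]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            logger.warning("auth blocked client=%s failures=%d", who, len(recent))
            return None  # callers still see the usual "not authenticated"
        user = auth_func(request)
        if user is None:
            recent.append(now)
            logger.warning("auth failed client=%s failures=%d", who, len(recent))
        return user
    return wrapper


# Applied after the original definition, existing callers are unaffected:
#   validate_secret_key(SECRET_KEY)
#   authenticate_user = limit_auth_failures(authenticate_user)
```

The failure counters here live in one process's memory, so with several workers each process counts separately; a shared store such as Django's cache framework would hold them in a multi-worker deployment.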
