Rate limiting per JWT credential

Hello Kong Community,

I have a couple of questions related to Kong version 0.9.9.
1> Can we have rate limiting per Kong credential instead of a per-consumer rate limit?
2> Is it good to have multiple ACLs per API? Will it cause any performance impact to Kong to validate the bearer?
3> Is it possible to block the JWT token creation for a particular consumer with a max limit?
4> What is the safest version to which Kong can be upgraded without minimal impact from 0.9.9?