Block sign in attempt for X minutes when the user fails to sign in N times #2826

@ameshkov

Description

This is a very simple thing to prevent brute-force attacks, and I suppose we should do that in v0.106.0 since there are already many public AGH servers.

Here's what needs to be done:

  1. Use a simple cache with eviction to store the IP addresses of users who are signing in. For instance: https://github.com/beefsack/go-rate
  2. If a user makes N unsuccessful attempts to sign in, block them for X minutes (N and X - configurable)
  3. Return a human-readable error: "the IP address is blocked for N minutes".

Default values:

  • maxAttempts = 5
  • blockSignInMinutes = 15
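As an added illustration of the three steps above (not AdGuard Home's own code, and not using go-rate), here is one way to implement the per-IP failed-sign-in block in Go, the language the project is written in. The type and method names (SignInLimiter, Check, Fail, Success, Evict, BlockedMessage), the sample client address and the injected clock are all assumptions made for this example; the defaults are the ones proposed in the issue.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
	"time"
)

const DefaultMaxAttempts, DefaultBlockSignInMinutes = 5, 15 // defaults proposed in the issue

type attemptState struct {
	failures     int       // consecutive failures since the last success or block expiry
	blockedUntil time.Time // zero when the IP is not blocked
	lastFail     time.Time // time of the last failure, used by Evict
}

// SignInLimiter blocks an IP for blockFor once it has failed maxAttempts times.
type SignInLimiter struct {
	mu          sync.Mutex
	maxAttempts int
	blockFor    time.Duration
	now         func() time.Time // injectable clock so tests need not sleep
	entries     map[netip.Addr]attemptState
}

func NewSignInLimiter(maxAttempts int, blockFor time.Duration, now func() time.Time) *SignInLimiter {
	return &SignInLimiter{maxAttempts: maxAttempts, blockFor: blockFor, now: now, entries: map[netip.Addr]attemptState{}}
}

// Check reports whether ip is blocked and for how much longer. Call it before
// verifying credentials, so a blocked client never reaches the password check.
func (l *SignInLimiter) Check(ip netip.Addr) (blocked bool, remaining time.Duration) {
	l.mu.Lock()
	defer l.mu.Unlock()
	st, ok := l.entries[ip]
	if !ok || st.blockedUntil.IsZero() {
		return false, 0
	}
	if now := l.now(); now.Before(st.blockedUntil) {
		return true, st.blockedUntil.Sub(now)
	}
	l.entries[ip] = attemptState{lastFail: st.lastFail} // block expired: count from zero again
	return false, 0
}

// Fail records a failed sign-in and reports whether the IP is now blocked.
func (l *SignInLimiter) Fail(ip netip.Addr) bool {
	if blocked, _ := l.Check(ip); blocked {
		return true // not counted: a blocked client cannot extend its own block
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	st := l.entries[ip] // zero value for an IP not seen before
	st.failures++
	st.lastFail = l.now()
	if st.failures >= l.maxAttempts {
		st.blockedUntil = st.lastFail.Add(l.blockFor)
	}
	l.entries[ip] = st
	return !st.blockedUntil.IsZero()
}

// Success forgets the IP after a valid sign-in.
func (l *SignInLimiter) Success(ip netip.Addr) {
	l.mu.Lock()
	defer l.mu.Unlock()
	delete(l.entries, ip)
}

// Evict is the eviction side of the cache: it drops entries that are not blocked and have not failed for idle. Run it on a timer.
func (l *SignInLimiter) Evict(idle time.Duration) (removed int) {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	for ip, st := range l.entries {
		if !now.Before(st.blockedUntil) && !now.Before(st.lastFail.Add(idle)) {
			delete(l.entries, ip)
			removed++
		}
	}
	return removed
}

// BlockedMessage renders the human-readable error, rounding the remaining time up.
func BlockedMessage(remaining time.Duration) string {
	mins := int((remaining + time.Minute - 1) / time.Minute)
	return fmt.Sprintf("the IP address is blocked for %d minutes", mins)
}

func main() {
	l := NewSignInLimiter(DefaultMaxAttempts, DefaultBlockSignInMinutes*time.Minute, time.Now)
	ip := netip.MustParseAddr("203.0.113.7") // constructed sample client address
	for !l.Fail(ip) { // keep failing until the fifth attempt triggers the block
	}
	_, rem := l.Check(ip)
	fmt.Println(BlockedMessage(rem)) // the IP address is blocked for 15 minutes
}
```

In a sign-in handler the order matters: call Check first and answer with BlockedMessage while blocked, only then verify the password, call Fail on a wrong password and Success on a correct one, and run Evict from a ticker so the map cannot grow without bound. Key the limiter on the TCP peer address of the connection; accept X-Forwarded-For or X-Real-IP only when the request comes from a reverse proxy you configured as trusted, since otherwise the client picks its own key and can both bypass the block and lock out any address it names. A per-IP block slows a single guessing source but not a distributed one, so it complements, rather than replaces, a strong admin password.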
