Lock out after N failed login attempts

Created by: ryanslade

If a user fails to log in after N attempts, which will be configurable by the site admin, their account will be locked.

To reduce support burden we may want to not lock the account forever but instead lock for a specific duration based on the number of failed attempts.

Initially perhaps this can be a simple linear backoff based on the number of failed attempts beyond 3, increasing by 5 minute intervals.

So, 3 failed attempts would lock the account for 5 minutes; 4, 10 minutes; 5, 15; etc.
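A sketch of the policy proposed above, added here as an illustration and not taken from the project's code: a configurable threshold N with a lock that grows by 5 minutes per failure from N onward. The names `LockoutPolicy`, `AccountState` and `LoginGuard` are hypothetical, and the in-memory store, the reset on successful login, and the choice not to count attempts made while locked are assumptions the issue does not specify.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

@dataclass
class LockoutPolicy:
    threshold: int = 3                       # N, set by the site admin
    step: timedelta = timedelta(minutes=5)   # added per failure from N onward

    def lock_duration(self, failures: int) -> timedelta:
        """Linear backoff: N failures -> 1 step, N+1 -> 2 steps, ..."""
        if failures < self.threshold:
            return timedelta(0)
        return self.step * (failures - self.threshold + 1)

@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[datetime] = None

class LoginGuard:
    """In-memory tracker (assumption; a real site would persist this)."""

    def __init__(self, policy: LockoutPolicy) -> None:
        self.policy = policy
        self.accounts: Dict[str, AccountState] = {}

    def attempt(self, user: str, password_ok: bool, now: datetime) -> str:
        """Return "ok", "failed" or "locked" for one login attempt."""
        acct = self.accounts.setdefault(user, AccountState())
        # Check the lock first: a locked account rejects even a correct
        # password, and the attempt does not extend the lock (assumption).
        if acct.locked_until is not None and now < acct.locked_until:
            return "locked"
        if password_ok:
            self.accounts[user] = AccountState()  # success clears history (assumption)
            return "ok"
        acct.failures += 1
        duration = self.policy.lock_duration(acct.failures)
        if duration:
            acct.locked_until = now + duration
        return "failed"

if __name__ == "__main__":
    guard, t = LoginGuard(LockoutPolicy()), datetime(2024, 1, 1)  # constructed timeline
    for minute, ok in [(0, False), (1, False), (2, False), (3, True), (7, True)]:
        print(minute, guard.attempt("alice", ok, t + timedelta(minutes=minute)))
```
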