Add account lockout

[mprahl]

Local accounts should be locked out from logging in after a certain number of bad password attempts that is configurable in the Configurations page.

[thatarchguy]

Add a new table to the database?

How will we handle un-banning them properly? We would need a function outside the application that checks this. Maybe a celery worker? That seems like a bit of overhead though.

>describe accounts_locked;
+-------------+---------------------+------+-----+-------------------+-------+
| Field       | Type                | Null | Key | Default           | Extra |
+-------------+---------------------+------+-----+-------------------+-------+
| user_id     | int(10) unsigned    | NO   | PRI | NULL              |       |
| timestamp   |  timestamp          | NO   |     | CURRENT_TIMESTAMP |       |    
+-------------+---------------------+------+-----+-------------------+-------+

[mprahl]

@thatarchguy, this isn't a bad idea here:
http://stackoverflow.com/a/28771820/4660038

[thatarchguy]

That looks like it would work. Not much overhead either.

[mprahl]

#142 Closes this.