a62c0e4b5d
Introduce a Redis-backed LoginGuard that combines per-IP, per-identifier and IP+identifier rate limits, exponential lockout on consecutive failures, and a concurrent-attempt lock so a single subject cannot pile up parallel brute-force tries. The guard ships with an in-memory fallback when Redis is unreachable so login protection keeps working under degraded mode. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>