
feat(jans-auth-server): Add configurable rate limiting for authentication endpoints to prevent brute-force attacks

Open vivekkumarrathour opened this issue 2 months ago • 5 comments

Is your feature request related to a problem? Please describe.

Currently, the jans-auth-server does not have built-in configurable rate limiting for authentication endpoints (such as /token, /authorize, /userinfo). This makes the system vulnerable to brute-force attacks, credential stuffing, and DoS attacks targeting authentication flows.

Describe the solution you'd like

Implement a configurable rate limiting mechanism in jans-auth-server with the following features:

  • Configurable thresholds for requests per IP address, user account, or client_id
  • Support for different time windows (e.g., per minute, per hour)
  • Configurable response behavior (HTTP 429 with Retry-After header)
  • Integration with existing authentication flows without breaking OAuth2/OIDC compliance
  • Admin UI configuration options for non-technical administrators
  • Metrics and logging for rate limit violations

Describe alternatives you've considered

  • Using external rate limiting solutions (e.g., nginx rate limiting, API gateways) - but this requires additional infrastructure and doesn't provide application-level awareness
  • Implementing custom scripts - but this lacks standardization and maintainability
  • Using cloud-based WAF solutions - but adds cost and latency for self-hosted deployments

Additional context

This feature would enhance the security posture of Janssen deployments, especially for organizations running public-facing authentication services. It would complement existing security features like account lockout policies and help prevent automated attacks.

vivekkumarrathour avatar Nov 07 '25 11:11 vivekkumarrathour
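The request above lists the behaviour it wants (thresholds per IP, user account and client_id; configurable time windows; HTTP 429 with a Retry-After header; violation metrics) but no design. The block below is an added, stand-alone illustration of one way those pieces fit together; it is not code from jans-auth-server or from the issue author, and the `Rule`, `Decision` and `RateLimiter` names, the fixed-window algorithm, and the sample request burst are all assumptions made for this page.

```python
"""Added example for this page, not jans-auth-server code: a multi-dimension
fixed-window rate limiter with the behaviour the feature request asks for
(per-IP / per-user / per-client_id thresholds, configurable windows, HTTP 429
plus Retry-After, violation metrics). All names here are hypothetical."""
from collections import defaultdict
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Rule:
    dimension: str   # "ip", "user" or "client_id"
    limit: int       # max requests allowed per window
    window: float    # window length in seconds


@dataclass
class Decision:
    allowed: bool
    status: int            # 200 if allowed, 429 otherwise
    retry_after: int = 0   # seconds, value for the Retry-After header
    dimension: str = ""    # which rule triggered the block


class RateLimiter:
    def __init__(self, rules):
        self.rules = list(rules)
        self._windows = {}                   # (dimension, key) -> (window_start, count)
        self.violations = defaultdict(int)   # dimension -> number of blocked requests

    def _bucket(self, rule, key, now):
        """Return the current window for (rule, key), starting a fresh one if expired."""
        slot = (rule.dimension, key)
        start, count = self._windows.get(slot, (None, 0))
        if start is None or now - start >= rule.window:
            start, count = now, 0
        return slot, start, count

    def check(self, now, **keys):
        """keys: ip=..., user=..., client_id=...; dimensions without a key are skipped.
        Every applicable rule is evaluated before any counter is committed, so a
        request blocked by one rule does not consume quota in the others."""
        staged = []
        for rule in self.rules:
            key = keys.get(rule.dimension)
            if key is None:
                continue
            slot, start, count = self._bucket(rule, key, now)
            if count >= rule.limit:
                self.violations[rule.dimension] += 1
                # Blocked requests do not extend the window; tell the client when it ends.
                retry = math.ceil(start + rule.window - now)
                return Decision(False, 429, max(retry, 1), rule.dimension)
            staged.append((slot, start, count + 1))
        for slot, start, count in staged:
            self._windows[slot] = (start, count)
        return Decision(True, 200)


def headers_for(decision):
    """Response headers a server would add for the decision (only Retry-After on 429)."""
    if decision.allowed:
        return {}
    return {"Retry-After": str(decision.retry_after)}


def demo():
    """Constructed sample: six password attempts against one account in six seconds,
    all from one IP and one client. The per-user rule (3 per minute) trips first."""
    limiter = RateLimiter([
        Rule("ip", limit=5, window=60),
        Rule("user", limit=3, window=60),
        Rule("client_id", limit=100, window=3600),
    ])
    statuses = []
    for t in range(6):
        d = limiter.check(float(t), ip="203.0.113.7", user="alice", client_id="web-app")
        statuses.append(d.status)
    return statuses, limiter   # statuses == [200, 200, 200, 429, 429, 429]


if __name__ == "__main__":
    statuses, limiter = demo()
    print(statuses, dict(limiter.violations))
```

Two design points worth carrying into a real implementation: a fixed window lets an attacker send up to twice the limit across a window boundary, so a sliding window or token bucket is the usual choice once the basic plumbing exists; and the counters above live in process memory, so a clustered deployment would need them in shared storage to prevent an attacker from spreading a burst across nodes.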