Change devise unlock strategy to :time

Currently, we are using an unlock strategy of `:both`, which allows
both time based unlocking and email based unlocking. This leadds to
an email being sent to the user when their account is locked, which
us currently not intended.

config/initializers/devise.rb

@@ -52,7 +52,7 @@ def http_auth_body
 
   # Account lockout
   config.lock_strategy = :failed_attempts
-  config.unlock_strategy = :both
+  config.unlock_strategy = :time
   config.unlock_keys = [ :time ]
   config.maximum_attempts = CheckConfig.get('devise_maximum_attempts', 5)
   config.unlock_in = CheckConfig.get('devise_unlock_accounts_after', 1).hour