Fix admin vulnerability to Brute Force

[5e-Cleric]

Added express-rate-limit package and implemented rate limiting for admin API login attempts

Have NOT tested this as of yet, feel free to do so. Should be a limit of 10 attempts per day.

[5e-Cleric]

It works!

[dbolack-ab]

Seems straightforward.

[G-Ambatte]

Here's a suggested tweak for admin.api.js:

// Define rate limiter options
const loginLimiter = rateLimit({
	timeWindow : 24 * 60 * 60 * 1000, // 24 hours window
	max        : 10, // limit each IP to 10 requests per timeWindow
	handler    : ()=>{throw { HBErrorCode: '100', code: 429, message: 'Too many requests' }; }
});

which results in:

I've just re-used HBErrorCode 100 on the proof of concept, we'd need to give this particular error its own code to use the Error Page. We might also want to do something similar for the Access Denied result.

[G-Ambatte]

On the actual error message, I think Too many failed login attempts, try again later is probably better than specifically stating that the ban is tied to their IP address.

[5e-Cleric]

I'd rebuild the UI for this, it is not a brew that is being accessed, but the admin page. But yeah i can work with that, good point.

[5e-Cleric]

This is better. I could use some advice on it anyway.

[Gazook89]

There are some spelling errors and awkward sentences that I think could be improved. I'm no wordsmith (I use 10 words where will 1 will do), but here is my take:

401

## Authorization Required
You need to provide correct administrator credentials to access this page.

:

If you should have access but are not able to log-in, please reach out via [reddit mod mail](https://old.reddit.com/message/compose/?to=/r/homebrewery) or in the [hb_issues channel of the Discord of Many Things server](https://discord.gg/domt).

403

## Access Denied
You need to provide correct administrator credentials to access this page.  *Too many unsuccessful attempts will lock you out for a period of time.*

:

If you should have access but are not able to log-in, please reach out via [reddit mod mail](https://old.reddit.com/message/compose/?to=/r/homebrewery) or in the [hb_issues channel of the Discord of Many Things server](https://discord.gg/domt).

470

## You have run out of attempts
You have failed to provide correct credentials to access the page too many times.  Please wait a bit before retrying again.

:

If you should have access but are not able to log-in, please reach out via [reddit mod mail](https://old.reddit.com/message/compose/?to=/r/homebrewery) or in the [hb_issues channel of the Discord of Many Things server](https://discord.gg/domt).

[calculuschild]

We can remove this package now if it's not being used.

[5e-Cleric]

You added it to the project for the 429 issues, right?

[calculuschild]

Took it back out because it didn't make a difference.

[calculuschild]

I think this is the only thing. Remove that, fix any conflicts, and we can merge. I put my approval so you or I can merge.

[5e-Cleric]

I will remove it as soon as i get home, but i won't be able to merge without another review..

[Gazook89]

Just some remarks on messaging and a little bit of whitespace cleanup.

Marking 'approved' so as to not hold it up.

[5e-Cleric]

Small PR, works great, thank you for the reviews and helpful comments! Specially @Gazook89, i know i am not the best at writing messages.