Allow trusted client to bypass the wait period when entering the wrong password
We get sometimes the remark that the exponential wait in the get_login function when the user enters is useless or should be changed in order to reduce the delay (see #5375 (closed) and other discussions about that on the opensuse bugtracker or in live).
Getting some idea from https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies we think that we could use a random token store on the client side and on the server side in order to reduce the wait for users trying to connect from a client that has already been trusted.
This token would be sent alongside the credentials information and if it matches the one store on the server then the user wouldn't have to wait in order to make another attempt. Of course if the number of attempts reach a defined limit then we will sent a 429 - Too Many Requests.