issue2550949: Rate limit password guesses/login attempts. Generic rate limit mechanism added. Deployed for web page logins. Default is 3 login attempts/minute for a user. After which one login attempt every 20 seconds can be done. Uses gcra algorithm so all I need to store is a username and timestamp in the one time key database. This does mean I don't have a list of all failed login attempts as part of the rate limiter. Set up config setting as well so admin can tune the rate. Maybe 1 every 10 seconds is ok at a site with poor typists who need 6 attempts to get the password right 8-). The gcra method can also be used to limit the rest and xmlrpc interfaces if needed. The mechanism I added also supplies a status method that calculates the expected values for http headers returned as part of rate limiting. Also tests added to test all code paths I hope.

#  - "path/to/folder"  # ignore folders and all its contents
#  - "test_*.rb"       # wildcards accepted
#  - "**/*.py"         # glob accepted
#  - "[a-z]+/test_.*"  # regexp accepted

# ignore files that are build utils and not executed
# code, or are deprecated.
ignore:
   - "roundup/cgi/TAL/talgettext.py" # utility command
   - "roundup/cgi/TAL/DummyEngine.py" # test harness
   - "roundup/cgi/apache.py"  # mod_python is deprecated
   - "roundup/install_util.py" # another build utlity
   - "roundup/dist"           # more build utils