issue2550949: Rate limit password guesses/login attempts. Generic rate limit mechanism added. Deployed for web page logins. Default is 3 login attempts/minute for a user. After which one login attempt every 20 seconds can be done. Uses gcra algorithm so all I need to store is a username and timestamp in the one time key database. This does mean I don't have a list of all failed login attempts as part of the rate limiter. Set up config setting as well so admin can tune the rate. Maybe 1 every 10 seconds is ok at a site with poor typists who need 6 attempts to get the password right 8-). The gcra method can also be used to limit the rest and xmlrpc interfaces if needed. The mechanism I added also supplies a status method that calculates the expected values for http headers returned as part of rate limiting. Also tests added to test all code paths I hope.

<!-- query.item -->
<span tal:condition="context/is_view_ok" tal:replace="structure
      context/renderQueryForm" />
<tal:block tal:condition="not:context/is_view_ok">
  <tal:block metal:use-macro="templates/page/macros/icing">
    <title metal:fill-slot="head_title">You can not view query</title>
    <tal:block metal:fill-slot="body_title">
      You can not view query.
    </tal:block>
    <td class="content" metal:fill-slot="content">
      You are not allowed to view <span tal:content="context/_classname"/>
      with id <span tal:content="context/id"/>
    </td>
  </tal:block>
</tal:block>