Add the rate limiting for wrong password or username

This will trigger a rate limitation when the username does not exists or
if the password is not the correct one. The time to wait is exponential
(base 2) after the 5 first attempts.