SECURITY UPDATE

* Handle failed login attempts via Telnet
* New lockout features for >= N failed attempts
* New auto-unlock over email feature
* New auto-unlock after N minutes feature
* Code cleanup in users
* Add user_property.js - start using consts for user properties. Clean up over time.
* Update email docs

misc/config_template.in.hjson

@@ -352,6 +352,23 @@
         //  Usernames reserved for applying to your system
         newUserNames: []
 
+        //  Handling of failed logins
+        failedLogin : {
+            //  disconnect after N failed attempts. 0=disabled.
+            disconnect          : XXXXX
+
+            //  Lock the user out after N failed attempts. 0=disabled.
+            lockAccount         : XXXXX
+
+            //
+            //  If locked out, how long until the user can login again?
+            //  Set to 0 to disable auto-unlock
+            //
+            autoUnlockMinutes   : XXXXX
+        },
+
+        //  Allow email driven password resets to unlock accounts?
+        unlockAtEmailPwReset    : XXXXX
     }
 
     //  Archive files and related