(feat) Add Firestore-based rate limiting to prevent brute force attacks

[HarK-github]

Description:

This PR implements client-side rate limiting using Firestore to prevent brute force login attacks without requiring Cloud Functions.

Files Created:

• src/firebase/rateLimit.ts - Core rate limiting logic with Firestore
• src/hooks/useRateLimit.ts - React hook for rate limit status

Files Modified:

• src/firebase/auth.ts - Integrated rate limit checks into login flow
• src/components/Login/LoginFormComponent.tsx - Added rate limit warnings display

Features:

• Tracks failed login attempts per email address
• Locks account after 5 failed attempts within 15 minutes
• 30-minute lockout duration
• Shows remaining attempts warning when 2 or fewer left
• Displays countdown timer during lockout
• Automatically resets on successful login

Configuration:

{
  maxAttempts: 5,      // Maximum attempts allowed
  windowMinutes: 15,   // Time window in minutes
  lockoutMinutes: 30   // Lockout duration after exceeding attempts
}

Firestore Collection Structure:

rateLimits/{email}/
  - attempts: number
  - firstAttemptAt: timestamp
  - lastAttemptAt: timestamp
  - isLocked: boolean
  - lockoutEndsAt: timestamp
  - attemptHistory: array

Security:

• No Cloud Functions required
• Works entirely client-side with Firestore
• Rate limits are enforced before Firebase Auth is called

Testing:

1. Attempt login with wrong password 5 times
2. Verify account locks for 30 minutes
3. Verify warning appears at 2 attempts remaining
4. Verify successful login resets the counter

Reviewers: @seetadev