[31.x][WFCORE-7192] [CVE-2025-23368] Enable protection for brute force authentication attempts. #6635
This will enable some more contextual processing to occur wrapping the custom component.
Core -> WildFly Preview Integration Build 14994 outcome was FAILURE using a merge of 0e6d6da

Core -> Full Integration Build 14860 outcome was FAILURE using a merge of 0e6d6da

/retest

FYI test failures look related - investigating.

Depends on - wildfly/wildfly#19610
yersan left a comment
Added a minor comment that does not need to be fixed now.
Looks good to me, just waiting for the CI with the WFLY one in. I did not see anything else relevant; all the hard functionality is already in Elytron, so this is just to manage the configuration via properties and wrap the existing realms with the new one.
elytron/src/main/java/org/wildfly/extension/elytron/ElytronDefinition.java
/retest
…pper to use in logs.
The two jobs showing as yellow have actually completed and reported as success, some job renaming was happening whilst they were running hence the two jobs remaining yellow.
Upstream PR: #6634
https://issues.redhat.com/browse/WFCORE-7192
https://nvd.nist.gov/vuln/detail/CVE-2025-23368
This will require a WildFly Elytron component upgrade so marking on hold to begin with.
Comprehensive tests have been developed under https://github.com/darranl/wildfly-security-testsuite. Once this is merged to WildFly, the testsuite will be moved to the wildfly-security organisation and will be set up to run nightly based on the latest changes to WildFly.
Caution
This pull request shares the same topic branch as the upstream PR; this means all CI job status reports will be represented on both PRs. To avoid confusion it is advisable to focus on the CI results on the upstream PR only.
Also note the names of jobs reported in GitHub differ from the names of jobs in Team City, e.g. "Preview Integration Linux - JDK 17" is actually a Java 21 job; this is not related to the shared topic branch.