tfa: add data for rate limiting and blocking

tfa: add data for rate limiting and blocking

TfaUserData uses `#[serde(deny_unknown_fields)]`, so we add
this now, but using it will require explicitly enabling it.

If the TOTP count is high, the user should be locked out of
TOTP entirely until they use a recovery key to reset the
count.

If a user's TFA try count is too high, they should get rate
limited.

In both cases they should receive some kind of notification.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>