gdm: Count fingerprint authentication failures in fail counter

Fingerprint PAM module can have multiple failures during a runtime
and we rely on the pam module configuration for the maximum allowed
retries.

However, while that setting should be always followed, we should never
ignore the login-screen's allowed-failures setting that can provide
a lower value.

So, once we have a fingerprint failure let's count it to increase our
internal fail counter, and when we've reached the limit we can emit a
verification-failed signal to our clients.

As per this we need also to ignore any further 'info' messages that we
could receive from the fingerprint service, as it may be configured to
handle more retries than us and they might arrive before we have
cancelled the verification session.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>

js/gdm/util.js

@@ -556,6 +556,12 @@ var ShellUserVerifier = class {
             return;
 
         this._queueMessage(problem, MessageType.ERROR);
+        if (isFingerprint) {
+            this._failCounter++;
+
+            if (!this._canRetry())
+                this._verificationFailed(serviceName, false);
+        }
     }
 
     _onInfoQuery(client, serviceName, question) {
@@ -604,15 +610,18 @@ var ShellUserVerifier = class {
         this._startService(serviceName);
     }
 
+    _canRetry() {
+        return this._userName &&
+            (this._reauthOnly || this._failCounter < this.allowedFailures);
+    }
+
     _verificationFailed(serviceName, retry) {
         // For Not Listed / enterprise logins, immediately reset
         // the dialog
         // Otherwise, when in login mode we allow ALLOWED_FAILURES attempts.
         // After that, we go back to the welcome screen.
 
-        let canRetry = retry && this._userName &&
-            (this._reauthOnly ||
-             this._failCounter < this._settings.get_int(ALLOWED_FAILURES_KEY));
+        const canRetry = retry && this._canRetry();
 
         this._disconnectSignals();