gdm: Limit verification cancellations to be conform to allowed-failures

As per previous commit the user can cancel an ongoing authentication via
Escape key and that will always send the user back to the clock view in
lockscreen or user-selection view in login prompt.

However, we can be a little more permissive and don't switch view to be
able to restart the authentication without further action.

To avoid this to be abused though, we consider the user verification
cancellation via escape key to be a "soft-failure", so once the
configured "allowed-failures" gsettings value has been reached, we'd
just act as before, ignoring any further request (until we don't get
back to the user auth view).

In this way we still make brute-force attacks harder to do, while still
giving the well-behaving user some ability to fix mistakes.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>

js/gdm/util.js

@@ -192,6 +192,10 @@ var ShellUserVerifier = class {
         }
     }
 
+    get allowedFailures() {
+        return this._settings.get_int(ALLOWED_FAILURES_KEY);
+    }
+
     begin(userName, hold) {
         this._cancellable = new Gio.Cancellable();
         this._hold = hold;