ax1/a1-server

security.block() should manage subsequent blocks automatically

Opened this issue · 0 comments

ax1 commented

On GET requests this could be disabled if performance degradation is shown,

but for other HTTP verbs (POST, PUT, DELETE) check or protect should be called at middleware level.

Example on a POST /login:

On the first call, login.js contains: if (authenticationKey != KEY) require('a1-server/lib/security').block(request)

Then, if the client is already blocked, the next time it calls the server, since the middleware is called BEFORE reaching login.js, the execution from server internals is check(request) -> protect(request).

This way, on every web app, there is no need to add custom boilerplate to manage blocking users; just call block() and that's it.

1 line of code against 10 or more customized for each app and error-prone depending on the day. Security is a MUST, so do it only in one place and do it right by passing unit tests.
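The flow proposed in this issue, as an added example that is not part of the original post and not a1-server's own code: a handler calls block() once, and a gate inside the server runs check() then protect() before any handler on later requests. The function signatures, keying clients by `request.ip`, the timed expiry of blocks, the `checkGet` switch and the sample key are all assumptions made for illustration.

```javascript
// Added illustration, not a1-server code: block/check/protect are named in the issue; behaviour here is assumed.
function createSecurity({ blockMs = 60000, now = () => Date.now() } = {}) {
  const blocked = new Map(); // client key -> expiry timestamp (ms)
  const keyOf = (request) => request.ip; // assumption: clients are keyed by remote address
  return {
    // Called by application code when it decides a client misbehaved.
    block(request) {
      blocked.set(keyOf(request), now() + blockMs);
    },
    // True while the client is blocked; expired entries are dropped.
    check(request) {
      const expiry = blocked.get(keyOf(request));
      if (expiry === undefined) return false;
      if (expiry <= now()) { blocked.delete(keyOf(request)); return false; }
      return true;
    },
    // Response sent instead of running the handler.
    protect() {
      return { status: 403, body: 'blocked' };
    },
  };
}

// Server internals: the security gate runs before any route handler is reached.
function createServer(security, routes, { checkGet = true } = {}) {
  return function handle(request) {
    const gated = request.method !== 'GET' || checkGet; // GET gate is optional, as the issue suggests
    if (gated && security.check(request)) return security.protect(request);
    const handler = routes[`${request.method} ${request.url}`];
    return handler ? handler(request) : { status: 404, body: 'not found' };
  };
}

// Constructed sample app: login.js reduced to the single block() call from the issue.
const KEY = 'constructed-sample-key';
function buildDemo(options) {
  const security = createSecurity(options);
  const routes = {
    'POST /login': (request) => {
      if (request.authenticationKey !== KEY) {
        security.block(request);
        return { status: 401, body: 'bad key' };
      }
      return { status: 200, body: 'ok' };
    },
    'GET /': () => ({ status: 200, body: 'home' }),
  };
  return createServer(security, routes, options);
}
```

Because the gate sits in front of routing, a blocked client that later presents the correct key still gets the 403 until the block expires, and no route handler needs its own blocklist logic.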