Auth-Attempts Timeout

[gregfrasco]

• Modify the abuseDetected function in auth-attempts to count within a certain time period.
• Use Config.get('/authAttempts/hours'); to get the number of hours the account will be locked for.
• Add hours to authAttempts in config.js

authAttempts: {
    forIp: 50,
    forIpAndUser: 7,
    hours: 1
  }

[FrancisZamora]

Closing in #186