No IP logged in requests

[kimboslice99]

Would be nice to see IPs logged in failed login requests, so that a solution like fail2ban or IPban can be used to prevent bruteforcing

I'm doing this myself by changing auth.go's functions decodeValidateLoginHeader, validateJellyfinCredentials, and getTokenLogin to include ip := strings.TrimSpace(gc.Request.Header.Get("X-Real-IP")) and any println statements with Auth denied: to look more like app.info.Print("Auth denied: Invalid username/password ip=", ip, "\n")

[hrfee]

I can add this, I'll add an option for it and put a warning about legal issues with logging IPs. Would you mind creating a pull request and allowing me to edit it so I can build off what you've done? thanks