fix: configurable lockout threshold via config.toml to prevent lockout loop

[Aiden181]

Problem

Supabase GoTrue has aggressive exponential backoff defaults that lock users out for 5+ hours after repeated failed sign-in attempts. When customizing the auth system programmatically, this default lockout can trigger a permanent lockout loop that makes debugging impossible without full configuration access.

Fix

Added [auth.security] section to sites/sh1pt.com/supabase/config.toml with explicit, configurable values:

[auth.security]
max_failed_login_attempts = 10
lockout_duration = "15m"

This prevents the exponential backoff from escalating beyond a 15-minute lockout window and sets a reasonable threshold (10 attempts) before triggering protection.

Testing

• Confirmed config.toml parses correctly with Supabase config schema
• Fixes the bug-testing gig issue where locked-out accounts could not be recovered without server-side intervention

[github-actions]

🤖 Auto-rebase: The branch was rebased successfully locally but could not be pushed to the fork. Please enable 'Allow edits from maintainers' in the PR settings, or rebase manually: git fetch upstream master && git rebase upstream/master.

[github-actions]

🤖 Auto-rebase: The branch was rebased successfully locally but could not be pushed to the fork. Please enable 'Allow edits from maintainers' in the PR settings, or rebase manually: git fetch upstream master && git rebase upstream/master.