@avazirna avazirna commented Jun 11, 2024

Summary

This PR presents an appropriate message to users that have been locked out of CommCare due to exceeding the maximum number of login attempts allowed. To restore the account, users need to reach out to a Supervisor or Administrator.

Note: Another design considered during this work involved receiving a 406 response code from HQ and letting the User Actionable errors feature handle the error message. This option was later disfavoured over a 401 response code with specific error messages, but it can always be revisited if needed.
Ticket: https://dimagi.atlassian.net/browse/SAAS-13154

Product Description

Currently, when a user is locked out, they get an Invalid Username or Password message. With this change, the message will be:
[Screenshot: Screenshot_20240611-141106_CommCare Debug]

Safety Assurance

  • I have confidence that this PR will not introduce a regression for the reasons below

Safety story

This PR only improves error message handling on the client side, instead of having a catch-all message for all authentication failure events.

@shubham1g5 shubham1g5 left a comment

Hey @avazirna, can you describe why we decided to not use the existing 406? It seems like we are duplicating what 406 is designed to do effortlessly with a 401 here but in a more complicated fashion.

@avazirna
Contributor Author

@damagatchi retest this please

@kishansampat

@avazirna any further details on how to carry this PR forward?

@avazirna
Contributor Author

@avazirna any further details on how to carry this PR forward?

@kishansampat HQ needs to send a 406 when the user exceeds the number of attempts, as indicated on this ticket: https://dimagi.atlassian.net/browse/SAAS-11660?focusedCommentId=186055. The blocker was that HQ was still sending a 401 instead. I can retest this and create a new ticket for HQ work to make the necessary changes so the changes on this PR can be merged.
