implement account lockout after 3 failed login attempts with 5-minute cooldown period

backend/internal/db/sqlc/models.go

@@ -33,8 +33,10 @@ type Delivery struct {
 }
 
 type User struct {
-	ID           pgtype.UUID      `db:"id" json:"id"`
-	Username     string           `db:"username" json:"username"`
-	PasswordHash string           `db:"password_hash" json:"password_hash"`
-	CreatedAt    pgtype.Timestamp `db:"created_at" json:"created_at"`
+	ID                  pgtype.UUID        `db:"id" json:"id"`
+	Username            string             `db:"username" json:"username"`
+	PasswordHash        string             `db:"password_hash" json:"password_hash"`
+	CreatedAt           pgtype.Timestamp   `db:"created_at" json:"created_at"`
+	FailedLoginAttempts int32              `db:"failed_login_attempts" json:"failed_login_attempts"`
+	LockedUntil         pgtype.Timestamptz `db:"locked_until" json:"locked_until"`
 }