chore: root commit of OWSAP security testing/tightening

.env

@@ -32,4 +32,9 @@ EMAIL_REPLY_TO=support@skymoneybudget.com
 
 UPDATE_NOTICE_VERSION=1
 UPDATE_NOTICE_TITLE=SkyMoney Update
-UPDATE_NOTICE_BODY=We added email verification and account-delete confirmation
+UPDATE_NOTICE_BODY=We added email verification and account-delete confirmation
+ALLOW_INSECURE_AUTH_FOR_DEV=false
+JWT_ISSUER=skymoney-api
+JWT_AUDIENCE=skymoney-web
+AUTH_MAX_FAILED_ATTEMPTS=5
+AUTH_LOCKOUT_WINDOW_MS=900000