refactor: extract preflightChecks in AuthService login (#693) #817

Open
Peaostrel wants to merge 1 commit into MettaChain:main from Peaostrel:fix/issue-693-login-preflight-checks

@Peaostrel

Resolves #693

Description

The login method in AuthService contained a long sequence of checks making it difficult to understand the exact order and intent of the security pipeline at a glance.

This PR refactors the login flow by extracting the initial security checks into a dedicated private preflightChecks method. It also adds clear documentation regarding the ordering contract of the login process.

Changes Made

  • Extracted lockout and CAPTCHA validation logic from login into a new preflightChecks private method.
  • Added a JSDoc comment block to explicitly document the strict ordering contract:
    1. Lockout check: Prevents further action if the account is temporarily locked.
    2. CAPTCHA check: Requires CAPTCHA validation if failed attempts exceed the threshold.
    3. Credentials check: Performed in the main login method only after preflight checks pass.
  • Ensured no logic was altered; this is a pure refactoring for better code readability and maintainability.
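
The ordering contract described in this PR, as an added sketch that is not the PR's or MettaChain's code: `AuthServiceSketch`, the thresholds, the result strings and the injected verifier callbacks are all assumptions made for illustration. It shows the property to audit in review: a request stopped by lockout or CAPTCHA never reaches the credential verifier, so a preflight response reveals nothing about whether the password was correct.

```typescript
// Added example: every name, threshold and result string is an assumption, not project code.
type Account = { failedAttempts: number; lockedUntil: number };
type LoginResult = "OK" | "LOCKED" | "CAPTCHA_REQUIRED" | "BAD_CREDENTIALS";
type PasswordVerifier = (user: string, password: string) => boolean;
type CaptchaVerifier = (token: string | undefined) => boolean;
const CAPTCHA_THRESHOLD = 2;    // assumed: CAPTCHA once failures exceed this
const LOCKOUT_THRESHOLD = 5;    // assumed: failures that trigger a lockout
const LOCKOUT_MS = 15 * 60_000; // assumed lockout window

class AuthServiceSketch {
  private accounts = new Map<string, Account>();
  credentialChecks = 0; // how many times the password verifier actually ran
  private verifyPassword: PasswordVerifier;
  private verifyCaptcha: CaptchaVerifier;
  constructor(verifyPassword: PasswordVerifier, verifyCaptcha: CaptchaVerifier) {
    this.verifyPassword = verifyPassword;
    this.verifyCaptcha = verifyCaptcha;
  }
  /** Ordering contract: 1. lockout, 2. CAPTCHA. Returns null when both pass. */
  private preflightChecks(acct: Account, captcha: string | undefined, now: number): LoginResult | null {
    if (acct.lockedUntil > now) return "LOCKED";
    if (acct.failedAttempts > CAPTCHA_THRESHOLD && !this.verifyCaptcha(captcha)) return "CAPTCHA_REQUIRED";
    return null;
  }
  login(user: string, password: string, captcha: string | undefined, now: number): LoginResult {
    const acct = this.accounts.get(user) ?? { failedAttempts: 0, lockedUntil: 0 };
    this.accounts.set(user, acct);
    const blocked = this.preflightChecks(acct, captcha, now);
    if (blocked !== null) return blocked; // password is never examined here
    this.credentialChecks++;              // 3. credentials, only after preflight
    if (this.verifyPassword(user, password)) {
      acct.failedAttempts = 0;
      return "OK";
    }
    acct.failedAttempts++;
    if (acct.failedAttempts >= LOCKOUT_THRESHOLD) acct.lockedUntil = now + LOCKOUT_MS;
    return "BAD_CREDENTIALS";
  }
}

// Constructed scenario: [password, captcha token, clock in ms] for one account.
function runScenario(): { results: LoginResult[]; credentialChecks: number } {
  const svc = new AuthServiceSketch((_u, p) => p === "correct-horse", (t) => t === "captcha-ok");
  const steps: [string, string | undefined, number][] = [
    ["wrong", undefined, 1000], ["wrong", undefined, 1000], ["wrong", undefined, 1000],
    ["correct-horse", undefined, 1000], // right password, but CAPTCHA is now required
    ["wrong", "captcha-ok", 1000], ["wrong", "captcha-ok", 1000],
    ["correct-horse", "captcha-ok", 1000], // right password, but account is locked
    ["correct-horse", "captcha-ok", 1000 + LOCKOUT_MS],
  ];
  const results = steps.map(([pw, cap, now]) => svc.login("alice", pw, cap, now));
  return { results, credentialChecks: svc.credentialChecks };
}
```
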

@drips-wave

drips-wave Bot commented Jun 26, 2026

@Peaostrel Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Development

Successfully merging this pull request may close these issues.

Captcha validation ordering is buried in login() — hard to audit