
pfSense: pfSense-SA-23_05.webgui: Anti-brute force protection bypass

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 2023-02-15
Added: 2023-02-16
Modified: 2025-02-18

Description

The authentication system attempts to be informative and prints extra
information alongside the IP address so that it can fully identify where a user
is logging in from when they log in through the GUI. This includes the
authentication source (e.g. local database, LDAP or RADIUS, and the name of the
authentication server), plus the contents of the proxy headers X-Forwarded-For
and Client-IP, to further pin down the user's location.

This extra information is printed after the IP address of the remote user in
various places, including log messages for authentication. In the case of GUI
login failures, the log entries included the contents of the proxy headers
(X-Forwarded-For or Client-IP) submitted by the client.

This extra information confused the sshguard authentication log parser which
made it fail to recognize the client IP address in authentication error
messages.

Login protection managed by sshguard, such as blocking brute-force attempts, may
therefore not be enforced, depending on the content of the request headers sent
with GUI authentication attempts. This may allow an attacker to continue GUI
login attempts indefinitely.
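The parsing failure the advisory describes is a general log-processing pitfall: a parser that expects the client address to be the last thing on the line stops attributing failures once a logger appends more fields after the address. The following Python example, written for this page and not taken from pfSense or sshguard, contrasts that naive parser with a tolerant one over constructed log lines. The line format, the "(Local Database)" source tag and the "(X-Forwarded-For: ...)" suffix are my assumptions loosely modelled on the advisory text, not verbatim pfSense output; the function names and the per-address failure counter are likewise mine.

```python
import ipaddress
import re
from collections import Counter
from typing import Callable, Iterable, Optional

# Constructed sample log lines (not real pfSense output). The trailing
# "(source) (header: value)" parts are an assumed rendering of the "extra
# information printed after the IP address" the advisory describes.
SAMPLE_LOG_LINES = [
    "webConfigurator authentication error for user 'admin' from: 203.0.113.10",
    "webConfigurator authentication error for user 'admin' from: 203.0.113.10 (Local Database)",
    "webConfigurator authentication error for user 'admin' from: 203.0.113.10 (Local Database) (X-Forwarded-For: 198.51.100.7)",
    "webConfigurator authentication error for user 'root' from: 2001:db8::5 (LDAP) (Client-IP: 10.0.0.9)",
]

# Naive parser: assumes the client address is the final token on the line.
# Anything appended after the address makes the match land on the wrong token
# (e.g. "Database)") and the line is silently dropped.
NAIVE_RE = re.compile(r"from: (\S+)$")


def naive_client_ip(line: str) -> Optional[str]:
    """Return the client address only if it is the last token on the line."""
    m = NAIVE_RE.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None


# Tolerant parser: take the first address-shaped token immediately after
# "from:" and validate it. Everything after it (authentication source, proxy
# header contents) is ignored. Note that only the address the server itself
# observed is used; the X-Forwarded-For / Client-IP values are client-supplied
# and must never be what the rate limiter keys on.
TOLERANT_RE = re.compile(r"from: ([0-9A-Fa-f.:]+)")


def tolerant_client_ip(line: str) -> Optional[str]:
    """Return the validated remote address regardless of trailing fields."""
    m = TOLERANT_RE.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None


def failures_per_ip(
    lines: Iterable[str], parser: Callable[[str], Optional[str]]
) -> Counter:
    """Count authentication failures per client address using the given parser.

    Lines the parser cannot attribute are dropped, which is exactly how a
    brute-force limiter loses track of an attacker when the log format changes.
    """
    counts: Counter = Counter()
    for line in lines:
        ip = parser(line)
        if ip is not None:
            counts[ip] += 1
    return counts


if __name__ == "__main__":
    # With the naive parser, three of the four failures go unattributed, so a
    # threshold-based block for 203.0.113.10 would never trigger.
    print("naive   :", dict(failures_per_ip(SAMPLE_LOG_LINES, naive_client_ip)))
    print("tolerant:", dict(failures_per_ip(SAMPLE_LOG_LINES, tolerant_client_ip)))
```

The practical check for any log-driven blocker is the one `failures_per_ip` makes visible: feed it a line in every variant your logger can emit and confirm each one is attributed to the same address. A variant that yields no address is a variant an attacker can use to stay under the threshold.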

Solution

pfsense-upgrade-latest