Enhancement: fail2ban-friendly auth failure logs for failed login attempts #90

@rezdm

Summary

Authentication failures currently lack a stable, machine-parseable log line that includes the source IP.

Motivation

Operators using fail2ban need a consistent auth failure pattern that exposes <HOST> directly in each failed attempt record.

Proposal

Emit a dedicated warning log entry for authentication failures, including:

  • remote_ip
  • remote_addr
  • username (when available)
  • auth method
  • structured reason (for example invalid_credentials)

Example:
[WARN] socks: auth_failed remote_ip=203.0.113.10 remote_addr="203.0.113.10:53742" username="admin" method=2 reason=invalid_credentials

Acceptance Criteria

  • Failed login attempts produce an auth_failed log line with remote_ip in every case where remote address is known.
  • Invalid credentials include username and reason=invalid_credentials.
  • A regression test verifies this log format for an invalid username/password attempt.
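Added example, not part of the issue or the project's code: a candidate fail2ban-style failregex for the proposed line, checked in Python against constructed samples, including a username that carries a look-alike `remote_ip=` field. It assumes the line reaches the filter exactly as in the issue's example, that the logger escapes quotes inside `username`, and it uses a simplified stand-in for fail2ban's `<HOST>` expansion; `match_failure` and the second reason value are hypothetical.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 or a bare
# IPv6 literal only; the real expansion also covers hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)"

# Candidate failregex for the proposed line. Anchored at both ends, with
# remote_ip directly after the fixed prefix, so text inside the quoted,
# client-controlled username cannot be taken for the host.
FAILREGEX = (
    r'^\[WARN\] socks: auth_failed remote_ip=<HOST> remote_addr="[^"]*"'
    r'(?: username="(?P<user>(?:[^"\\]|\\.)*)")?'  # username only when available
    r' method=\d+ reason=(?P<reason>\w+)$'
)

PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))


def match_failure(line):
    """Return (host, user, reason) for an auth_failed line, else None."""
    m = PATTERN.match(line.strip())
    if m is None:
        return None
    return m.group("host"), m.group("user"), m.group("reason")


# Constructed sample lines; only the first is taken from the issue text.
SAMPLES = [
    '[WARN] socks: auth_failed remote_ip=203.0.113.10 remote_addr="203.0.113.10:53742" username="admin" method=2 reason=invalid_credentials',
    # Username not available (hypothetical reason value).
    '[WARN] socks: auth_failed remote_ip=2001:db8::7 remote_addr="[2001:db8::7]:40000" method=2 reason=malformed_request',
    # Username containing a look-alike field; the real peer must still win.
    '[WARN] socks: auth_failed remote_ip=203.0.113.10 remote_addr="203.0.113.10:53742" username="x remote_ip=198.51.100.5" method=2 reason=invalid_credentials',
    # Unrelated line that must not count as a failure.
    '[INFO] socks: connection accepted remote_addr="203.0.113.10:53742"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(match_failure(sample))
```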
