Docs/Security: Added warnings to focus identification
Signed-off-by: Tony Tkáčik <tonydamage@gmail.com>
tonydamage committed Dec 19, 2023
1 parent 36e1963 commit 92b1fdd
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/security/credentials/identity-recovery/index.adoc
Expand Up @@ -9,6 +9,8 @@ This functionality can be used in case when the user needs to log in to the syst
To go through reset password flow, the user definitely will need their name or other identifier to be authorized for changing a password.
Therefore, Identity recovery feature can be configured to help the user to recover their identity data to proceed then with password recovery or login process.

WARNING: Enabling *Identity Recovery* and particular configurations may make your *midPoint* deployment vulnerable to *Account Enumeration Attacks*. Consider deploying rate-limiting proxy to mitigate this class of attacks, since midPoint does not have rate-limiting built in.

== Identity recovery flow description

To recover the identity, the system tries to find out at first, if there any archetype the user belongs to.
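Review bot: the new WARNING says "particular configurations" may expose the deployment, but does not say which identity-recovery settings widen the enumeration surface; either name them here or point the reader to the section that does, otherwise an administrator cannot act on the warning. Minor grammar in the same line: "Consider deploying a rate-limiting proxy". It would also help to state what the proxy should limit (requests to the recovery endpoint per client) so the mitigation is concrete rather than a general hint.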
2 changes: 2 additions & 0 deletions docs/security/credentials/password-reset/index.adoc
Expand Up @@ -278,6 +278,8 @@ image::focus-identification-module.png[Focus identification module,width=400]
If the user is not found, or if more than one user is found, the authentication flow ends, as it is not possible to identify such a user.
If the user exists, the authentication sequence continues with the next module (`passwordHint`).

WARNING: Enabling *Focus Identification* may make your *midPoint* deployment vulnerable to *Account Enumeration Attacks*. Consider deploying rate-limiting proxy to mitigate this class of attacks, since midPoint does not have rate-limiting built in.

==== Password Hint

The second module is `passwordHint` (of `hint` type).
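Review bot: the WARNING should connect to the sentence right above it, which is where the enumeration oracle actually lives: the flow ends when the user is not found or is ambiguous, and continues to `passwordHint` when exactly one user matches, so the difference in outcome (and any difference in error text or response time) is what lets a caller distinguish valid from invalid identifiers. Consider adding a sentence along the lines of "Responses for unknown and ambiguous identifiers should be indistinguishable from the successful path as far as possible" alongside the rate-limiting advice, since a rate limit only slows the attack and does not remove the oracle. Same grammar fix as in the identity-recovery file: "a rate-limiting proxy".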

0 comments on commit 92b1fdd