Elaborate on security practices against DoS and Brute Force

[aeneasr]

Is your feature request related to a problem? Please describe.

Aside from built-in security features, we probably want:

1. Protection against (D)DoS attacks
2. Protection against Brute Force attacks
3. Protection against Spam

Describe the solution you'd like

We do not want to build in all of these protections in Kratos.� Many protection mechanisms need to be fine-tuned to fit in the environment they're used in. For example, what a small website might see as "DDoS" is just traffic on a normal day on another site.

We should therefore elaborate on security patterns required when running ORY Kratos anywhere.

Describe alternatives you've considered

Build in these security patterns in ORY Kratos.

Additional context

The cloud service will have best-practices for brute-force and similar attacks in place.

[aeneasr]

I think this does not really belong in ORY Kratos but in the reverse proxy. It just adds feature bloat!