LG-14711: Enable reCAPTCHA in log-only mode

[vrajmohan]

changelog: Upcoming Features, reCAPTCHA, Enable reCAPTCHA in log-only mode

🎫 Ticket

Link to the relevant ticket:
LG-14711

🛠 Summary of changes

1. Add a feature flag sign_in_recaptcha_log_failures_only that is by default false in all environments.
2. When reCAPTCHA fails during sign-in, sign out the user and redirect them to an error page only if the flag sign_in_recaptcha_log_failures_only is set to true.

📜 Testing Plan

Set up an environment with the following config settings:

1. recaptcha_mock_validator: true

2. sign_in_recaptcha_log_failures_only: false

3. sign_in_recaptcha_percent_tested: 100

4. sign_in_recaptcha_score_threshold: 0.3

5. Go to http://localhost:3000/ in an Incognito/Private Browsing window

6. Sign in while setting reCAPTCHA to fail, e.g. a value of say 0.2

7. Observe that you are shown a page with "Security check failed" as shown in the screenshot below

8. Set sign_in_recaptcha_log_failures_only to true and restart the application

9. Go to http://localhost:3000/ in an Incognito/Private Browsing window

10. Sign in while setting reCAPTCHA to fail, e.g. a value of say 0.2

11. Observe that you are not shown a page with "Security check failed". Instead you are taken to the next step of authentication.

12. If you examine the events log, you should see an event named "Email and Password Authentication" with event_properties of {"success":true,"valid_captcha_result":false} - the authentication is successful even though the captcha test failed.

👀 Screenshots

If relevant, include a screenshot or screen capture of the changes.

[aduth]

Can you add the pull request template content, particularly testing instructions?

[aduth]

Tested locally, LGTM 👍

[aduth]

Was curious if we could bake the log-only consideration into valid_captcha_result?, but I see that it's valuable to include the raw result in the logging value below for valid_captcha_result. Nice separation 👍