Set a cap to maximum delay in preventing brute force attacks

This is necessary because PHP-FPM fails if sleep / usleep runs beyond
the maximum execution time of php.ini, leading to whole vhosts falling
over.

tests/MD_STD_SECTest.php

@@ -0,0 +1,37 @@
+<?PHP
+/**
+ * Tests for MD_STD_SEC.
+ *
+ * @author Joshua Ramon Enslin <joshua@museum-digital.de>
+ */
+declare(strict_types = 1);
+
+use PHPUnit\Framework\TestCase;
+
+require __DIR__ . '/../src/MD_STD_SEC.php';
+
+/**
+ * Tests for MD_STD_SEC.
+ */
+final class MD_STD_SECTest extends TestCase {
+    /**
+     * Function for testing if the page can be opened using invalid values for objektnum.
+     *
+     * @author Joshua Ramon Enslin <joshua@museum-digital.de>
+     * @group  MissingInputs
+     * @group  SafeForProduction
+     *
+     * @return void
+     */
+    public function testComputeAntiBruteForceDelayDoesNotGoOverMax():void {
+
+        $delay = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100);
+        self::assertGreaterThan(0, $delay);
+        # self::assertLessThan(10 * 1000000, $delay); // Smaller than 10 seconds
+
+        $delay_reduced = MD_STD_SEC::computeAntiBruteForceDelay(100, 100, 100, 3);
+        self::assertGreaterThan(0, $delay_reduced);
+        self::assertLessThan(3 * 1000000, $delay_reduced); // Smaller than 10 seconds
+
+    }
+}