DoSFilter leaks USER_AUTH entries

[sbordet]

DoSFilter automatically removes RateTracker entries that belong to type USER_IP or USER_SESSION, but not the other types.

DoSFilter also needs a code review because for example exposes RateTracker as a return type of a public method, but RateTracker is package private and so it's not possible to override the method.

[stale]

This issue has been automatically marked as stale because it has been a full year without activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically marked as stale because it has been a full year without activity. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically marked as stale because it has been a
full year without activity. It will be closed if no further activity occurs.
Thank you for your contributions.

[github-actions]

This issue has been automatically marked as stale because it has been a
full year without activity. It will be closed if no further activity occurs.
Thank you for your contributions.

[gregw]

6 year and counting! We should make this a priority once jetty 12 is released