port from pam_tally2 to pam_faillock

since pam_tally2 was deprecated upstream

usr/share/pam-configs/faillock-security-misc

@@ -1,11 +1,11 @@
-Name: lock accounts after 50 failed authentication attempts (by package security-misc)
+Name: lock accounts after 50 failed authentication attempts (part 1) (by package security-misc)
 Default: yes
 Priority: 290
 Auth-Type: Primary
 Auth:
 	optional	pam_exec.so	debug stdout seteuid /usr/libexec/security-misc/pam-info
 	[success=1 default=ignore]	pam_exec.so	seteuid quiet /usr/libexec/security-misc/pam_faillock_not_if_x
-	requisite	pam_faillock.so even_deny_root deny=50 onerr=fail audit debug
+	required	pam_faillock.so preauth
 Account-Type: Primary
 Account:
-	requisite	pam_faillock.so debug
+	requisite	pam_faillock.so

usr/share/pam-configs/faillock2-security-misc

@@ -0,0 +1,7 @@
+Name: lock accounts after 50 failed authentication attempts (part 2) (by package security-misc)
+Default: yes
+Priority: 245
+Auth-Type: Primary
+Auth:
+	[default=die]  pam_faillock.so authfail
+	sufficient     pam_faillock.so authsucc