mounirmesselmeni

What does this PR do?

This PR extends the AXES_LOCKOUT_CALLABLE setting to support an additional original_response argument. This allows developers to customize lockout behavior more flexibly while maintaining backward compatibility with the previous two-argument signature.

  • Code changes

    • get_lockout_response now attempts to call the lockout callable with (request, original_response, credentials) and falls back to (request, credentials) if the callable does not accept the new parameter.
    • Middleware has been updated to pass the original_response.
  • Documentation

    • Updated configuration and customization docs to reflect the new three-argument signature.
  • Tests

    • Added new tests covering callables with original_response.
    • Preserved tests for legacy two-argument callables.

Motivation and context

The extra original_response parameter makes it possible to reuse or extend the existing lockout response instead of replacing it entirely. For example, one might still return the default login response but also trigger a message via django.contrib.messages, or apply custom headers.

Example usage:

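def axes_lockout_handler(request, response, credentials):
    # Imports are kept local to the handler.
    from django.contrib import messages
    from django.utils.translation import gettext as _

    # Queue a user-facing error, then reuse the original lockout response unchanged.
    messages.error(request, _("Too many login attempts. Please try again later."))
    return response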


AXES_LOCKOUT_CALLABLE = axes_lockout_handler

Before submitting

  • This PR updates the documentation with the new callable signature.
  • This PR includes new tests for the added behavior.
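
One way to dispatch between the legacy two-argument and the new three-argument lockout callables, as an added example that is not code from this PR or from django-axes. `call_lockout_callable`, `FakeResponse` and the three handlers are hypothetical names, and the status codes and `Retry-After` value are constructed; the dispatcher checks the signature before calling, so a `TypeError` raised inside a handler is not mistaken for a signature mismatch.

```python
import inspect

def call_lockout_callable(handler, request, original_response, credentials):
    """Use the three-argument form if the handler's signature accepts it,
    otherwise the legacy (request, credentials) form."""
    try:
        inspect.signature(handler).bind(request, original_response, credentials)
    except TypeError:
        # Signature cannot take three positionals: legacy handler.
        return handler(request, credentials)
    # Called outside the try block, so a TypeError raised inside the handler
    # propagates instead of triggering a second, legacy-style call.
    return handler(request, original_response, credentials)

class FakeResponse:  # constructed stand-in for an HTTP response object
    def __init__(self, status_code=200):
        self.status_code = status_code
        self.headers = {}

def legacy_handler(request, credentials):
    return FakeResponse(status_code=403)  # replaces the response entirely

def new_handler(request, response, credentials):
    response.status_code = 429  # reuse the original response, add a header
    response.headers["Retry-After"] = "300"
    return response

calls = []  # records every invocation of buggy_handler

def buggy_handler(request, response, credentials):
    calls.append(credentials["username"])
    return len(None)  # TypeError raised inside the handler body

def demo():
    calls.clear()
    creds = {"username": "alice"}  # constructed sample credentials
    legacy = call_lockout_callable(legacy_handler, object(), FakeResponse(), creds)
    updated = call_lockout_callable(new_handler, object(), FakeResponse(), creds)
    try:
        call_lockout_callable(buggy_handler, object(), FakeResponse(), creds)
        propagated = False
    except TypeError:
        propagated = True
    return legacy.status_code, updated.status_code, updated.headers, propagated, calls

if __name__ == "__main__":
    print(demo())
```

A legacy handler that declares an optional third parameter or `*args` passes this signature check and would be called with three arguments.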
