Don't process failed EXTERNAL authentication by mod_fail2ban

This will only lead to confusion because it's not considered
possible to brute force client certificates.

src/mod_fail2ban.erl

@@ -53,6 +53,9 @@
 %%%===================================================================
 -spec c2s_auth_result(ejabberd_c2s:state(), true | {false, binary()}, binary())
       -> ejabberd_c2s:state() | {stop, ejabberd_c2s:state()}.
+c2s_auth_result(#{sasl_mech := Mech} = State, {false, _}, _User)
+  when Mech == <<"EXTERNAL">> ->
+    State;
 c2s_auth_result(#{ip := {Addr, _}, lserver := LServer} = State, {false, _}, _User) ->
     case is_whitelisted(LServer, Addr) of
 	true ->