Fix F-08, F-13: Adjust lockout expiration logic and enforce password length in tests

- Corrected lockout logic (`IsLockedOut`) to properly evaluate failed login thresholds within the rolling window, ensuring stale attempts outside the window do not trigger lockout.
- Updated test passwords in `grpcserver_test.go` to comply with 12-character minimum requirement.
- Reformatted import blocks with `goimports` to address lint warnings.
- Verified all tests pass and linter is clean.

PROGRESS.md

@@ -16,6 +16,19 @@ conditions (go test -race ./...).
 - [x] Phase 8: Operational artifacts (Makefile, Dockerfile, systemd, man pages, install script)
 - [x] Phase 9: Client libraries (Go, Rust, Common Lisp, Python)
 ---
+### 2026-03-11 — Fix test failures and lockout logic
+
+- `internal/db/accounts.go` (IsLockedOut): corrected window-expiry check from
+  `LockoutWindow+LockoutDuration` to `LockoutWindow`; stale failures outside
+  the rolling window now correctly return not-locked regardless of count
+- `internal/grpcserver/grpcserver_test.go` (TestUpdateAccount,
+  TestSetAndGetRoles): updated test passwords from 9-char "pass12345" to
+  13-char "pass123456789" to satisfy the 12-character minimum (F-13)
+- Reformatted import blocks in both files with goimports to resolve gci lint
+  warnings
+
+All 5 packages pass `go test ./...`; `golangci-lint run ./...` clean.
+
 ### 2026-03-11 — Phase 9: Client libraries
 
 **clients/testdata/** — shared JSON fixtures