Commit ec287ad1 authored by Jakob Moser's avatar Jakob Moser

Add warning about LDAP injections

parent 0fc3472b
@@ -83,6 +83,18 @@ The `user` name given above is what ldap calls the “common name” (CN). Toget
from ldap3.utils.dn import escape_rdn
```

>>> [!warning]

The username and password provided by the user are _untrusted_ (anyone can enter anything in the login field of your app).

If you don't escape it, you can open yourself up to LDAP injection attacks, see:

- [OWASP LDAP Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html)
- [How to prevent LDAP-injection in ldap3 for python3](https://stackoverflow.com/questions/47397341/how-to-prevent-ldap-injection-in-ldap3-for-python3)

If you are only using the username to create a bind dn to bind to the server, it is likely that you could skip escaping the username. However, it is easy to let this become a bad habit, so we always recommend escaping untrusted input.
>>>

### CL account

```python
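Review bot: the warning names both the username and the password as untrusted but then says "If you don't escape it", so it is unclear which value the reader should escape and where. Only the username is interpolated into the bind DN (hence the `escape_rdn` import in the context line above); the password in a simple bind is sent as the credential and is not escaped. If the username is also placed in a search filter later, that needs the filter escaping (`ldap3.utils.conv.escape_filter_chars`) rather than `escape_rdn`, a distinction the linked OWASP cheat sheet makes. The closing sentence ("it is likely that you could skip escaping the username") also undercuts the warning; stating the concrete risk would be clearer, e.g. that an unescaped comma, plus or equals sign in the username changes the structure of the DN, so the bind may not target the entry you intended.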
@@ -110,6 +122,10 @@ success = c.bind()
print(success)
```

Iff `success`, the user provided the correct username and password.

The Portal implementation [provides an alternative way](https://gitlab.cl.uni-heidelberg.de/fachschaft/portal/-/blob/7018a073252860493fa2b2a0c62743e4bcb12ee8/ldap/Directory.py#L62) using context managers.

## Further reading

* [`portal/ldap/Directory.py`](https://gitlab.cl.uni-heidelberg.de/fachschaft/portal/-/blob/master/ldap/Directory.py?ref_type=heads): LDAP implementation for another project from which I self-plagiarized many of the instructions here
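Review bot: "Iff `success`" overstates what `c.bind()` tells you. In ldap3 `Connection.bind()` returns `False` for any failed bind, not only for a wrong password (a non-existent entry or a server-side policy yields the same `False`), so the sentence should say that `True` means the server accepted the credentials and that the reason for a failure can be read from `c.result`. Spelling out "if and only if" would also help, since "Iff" reads as a typo. The Portal link pinned to commit `7018a073…` is good because it will not drift; the "Further reading" entry right after it points at `master` and may change.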