🛂 Auto ban IP on suspected bot publishing (#1095)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Enhanced sign-in error handling with specific messages for different
error types.
- Implemented IP-based restrictions for authentication and publishing
actions.

- **Bug Fixes**
- Updated the retrieval of user session information to improve
reliability.

- **Documentation**
- Updated usage instructions for `getServerSession` to reflect the new
authentication options.

- **Refactor**
- Replaced direct usage of `authOptions` with a new function
`getAuthOptions` to dynamically generate authentication options.
- Improved IP address extraction logic to handle various header formats.

- **Chores**
- Added a new `BannedIp` model to the database schema for managing
IP-based restrictions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

packages/lib/getIp.ts

@@ -0,0 +1,14 @@
+import { NextApiRequest } from 'next'
+
+export const getIp = (req: NextApiRequest): string | undefined => {
+  let ip = req.headers['x-real-ip'] as string | undefined
+  if (!ip) {
+    const forwardedFor = req.headers['x-forwarded-for']
+    if (Array.isArray(forwardedFor)) {
+      ip = forwardedFor.at(0)
+    } else {
+      ip = forwardedFor?.split(',').at(0)
+    }
+  }
+  return ip
+}