Further improvements to algorithm to detect account duplication covering the following scenarios:
Changes in masked characters
Changes in masked lengths, in the situation when an institution decides to reveal additional digits in account number
Changes in BSB e.g. an institution decides to remove BSB
Characters going from unmasked to masked
Added 403 Invalid request HTTP error response for when there has been too many requests for the token endpoint within a 5 minute period from a specific IP address.
