Improved the SSH ruleset for Windows (#315)

Added a rule to detect when someone fails to authenticate with SSH successfully using public key cryptography on Windows and treat it as a failed login attempt.

I tested it on the following platforms:
- Windows Server 2022
- Windows 10 Pro

Fixes: #314

Signed-off-by: hwmayisrvu <[email protected]>

Author: hwmayisrvu

IPBanCore/ipban.config

@@ -591,6 +591,7 @@
 								(?<log>failed\s+password)\s+for\s+(invalid\s+user\s+)?(?<username>[^\s]+)\s+from\s+(?<ipaddress>[^\s]+)\s+port\s+[0-9]+\s+ssh|
 								(?<log>did\s+not\s+receive\s+identification\s+string)\s+from\s+(?<ipaddress>[^\s]+)|
 								(?<log>connection\s+closed)\s+by\s+((invalid\s+user\s+)?(?<username>[^\s]+)\s+)?(?<ipaddress>[^\s]+)\s+port\s+[0-9]+\s+\[preauth\]|
+								(?<log>connection\s+closed)\s+by\s+((authenticating\s+user\s+)?(?<username>[^\s]+)\s+)?(?<ipaddress>[^\s]+)\s+port\s+[0-9]+\s+\[preauth\]|
 								(?<log>disconnected\s+from)\s+(invalid\s+user\s+)?(?<username>[^\s]+)\s+(?<ipaddress>[^\s]+)\s+port\s+[0-9]+\s+\[preauth\]|
 								(?<log>disconnected\s+from)\s+(?<ipaddress>[^\s]+)\s+port\s+[0-9]+\s+\[preauth\]|
 								(?<log>disconnected\s+from\s+authenticating\s+user)\s+(?<username>[^\s]+)\s+(?<ipaddress>[^\s]+)\s+port\s+[0-9]+\s+\[preauth\]