
Idea: add fool protection in "start" function to avoid accidental ban for flood #664

Open
Lopol2010 opened this issue Apr 16, 2024 · 0 comments

Comments

@Lopol2010

Steps to reproduce:

  1. By accident I made the phoneCode callback always return the same resolved promise.
  2. And I did not return true from the onError callback.
  3. Then I invalidated code by sending it to my bot's private chat, so that auth.SignIn throws PhoneCodeExpiredError.

In a couple of seconds this combination got my account banned for flood for 1 hour, due to hundreds of signIn attempts before I stopped the server manually.

Relevant while loop:

```ts
while (1) {
  try {
    try {
      phoneCode = await authParams.phoneCode(isCodeViaApp);
    } catch (err: any) {
      // This is the support for changing phone number from the phone code screen.
      if (err.errorMessage === "RESTART_AUTH") {
        return client.signInUser(apiCredentials, authParams);
      }
    }
    if (!phoneCode) {
      throw new Error("Code is empty");
    }
    // May raise PhoneCodeEmptyError, PhoneCodeExpiredError,
    // PhoneCodeHashEmptyError or PhoneCodeInvalidError.
    const result = await client.invoke(
      new Api.auth.SignIn({
        phoneNumber,
        phoneCodeHash,
        phoneCode,
      })
    );
    if (result instanceof Api.auth.AuthorizationSignUpRequired) {
      isRegistrationRequired = true;
      termsOfService = result.termsOfService;
      break;
    }
    return result.user;
  } catch (err: any) {
    if (err.errorMessage === "SESSION_PASSWORD_NEEDED") {
      return client.signInWithPassword(apiCredentials, authParams);
    } else {
      const shouldWeStop = await authParams.onError(err);
      if (shouldWeStop) {
        throw new Error("AUTH_USER_CANCEL");
      }
    }
  }
}
```
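A bounded version of that retry loop, as an added example that is not gramjs's own code: it keeps the page's phoneCode/onError contract but gives up after a fixed number of failed auth.SignIn calls, so the broken-callback combination described above fails fast instead of producing hundreds of attempts. AuthParams, SignInFn, signInWithLimit and demo are hypothetical names; the real gramjs types differ.

```typescript
// Added example, not gramjs's own code: the issue's sign-in retry loop with a
// hard cap on attempts, so a buggy phoneCode/onError pair fails fast instead of
// hammering auth.SignIn. Names (AuthParams, SignInFn, signInWithLimit, demo)
// are hypothetical; the real gramjs types differ.
interface AuthParams {
  phoneCode: () => Promise<string>;
  onError: (err: Error) => Promise<boolean | void>; // true means "stop"
}
type SignInFn = (code: string) => Promise<{ user: string }>;
const MAX_CODE_ATTEMPTS = 5;

async function signInWithLimit(
  signIn: SignInFn, params: AuthParams, maxAttempts = MAX_CODE_ATTEMPTS,
): Promise<{ user: string }> {
  let lastErr: Error | undefined;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const phoneCode = await params.phoneCode();
    if (!phoneCode) throw new Error("Code is empty");
    try {
      return await signIn(phoneCode); // may reject with PHONE_CODE_EXPIRED etc.
    } catch (err: any) {
      lastErr = err;
      if ((await params.onError(err)) === true) throw new Error("AUTH_USER_CANCEL");
    }
  }
  // Every attempt failed and onError never asked to stop: give up instead of looping.
  throw new Error(`AUTH_TOO_MANY_ATTEMPTS: ${maxAttempts} attempts, last: ${lastErr?.message}`);
}

// Reproduces the issue's setup: phoneCode always resolves to the same code, signIn
// always rejects, onError never returns true. Returns the sign-in call count and why it ended.
async function demo(): Promise<{ attempts: number; reason: string }> {
  let attempts = 0;
  const signIn: SignInFn = async () => { attempts++; throw new Error("PHONE_CODE_EXPIRED"); };
  const params: AuthParams = {
    phoneCode: async () => "12345",
    onError: async () => { /* forgot to return true */ },
  };
  try {
    await signInWithLimit(signIn, params);
    return { attempts, reason: "signed in" };
  } catch (err: any) {
    return { attempts, reason: err.message };
  }
}
```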
