effectively (not directly) add "required pam_tally2.so debug" to /etc/pam.d/common-account

This is required because otherwise something like "sudo bash" would count as a
failed login for pam_tally2 even though it was successful.

https://bugzilla.redhat.com/show_bug.cgi?id=707660

https://forums.whonix.org/t/restrict-root-access/7658

usr/share/pam-configs/tally2-security-misc

@@ -4,3 +4,6 @@ Priority: 260
 Auth-Type: Primary
 Auth:
 	required	pam_tally2.so deny=5 onerr=fail audit debug
+Account-Type: Primary
+Account:
+	required	pam_tally2.so debug