Add hCaptcha for Enhanced Security #1
Labels: enhancement, good first issue, help wanted
Description:
Our RDAP Lookup tool currently lacks robust protection against bots or automated abuse. Although we have rate limiting, malicious scripts could still attempt form submissions within allowed intervals or launch more sophisticated attacks. Implementing hCaptcha will help ensure that only legitimate (human) users can submit requests, providing an additional security layer and reducing unwanted traffic.
Why Add hCaptcha?
Prevent Automated Abuse: Rate limiting alone might not stop targeted or intelligent bots.
Privacy & Security Benefits: hCaptcha is known for its user privacy focus, and it helps deter various forms of spam or scripted submissions.
User Trust: A visible or invisible hCaptcha indicates that we take security seriously, which can boost confidence in our tool.
Proposed Solution
hCaptcha Integration:
Obtain a Site Key and Secret Key from hCaptcha.
Decide whether to use the visible checkbox, invisible mode, or challenge-based approach.
Frontend:
Add the hCaptcha script to our main form page (e.g., page.jsx in the Next.js App Router).
Display the hCaptcha widget or handle token retrieval if invisible.
Backend:
In our api/lookup/route.js (or relevant API file), verify the hCaptcha token with hCaptcha’s verification endpoint.
If verification fails, reject the request with an appropriate error message.
Error Handling & UX:
Provide user-friendly messages if hCaptcha verification fails.
Ensure minimal disruption for legitimate users.
Acceptance Criteria
Frontend: hCaptcha widget or invisible hCaptcha integrated into the lookup form.
Server-Side Validation: Token is verified with hCaptcha before continuing with RDAP lookup.
Failure Handling: If hCaptcha validation fails, the request is rejected with a descriptive error.
Success Flow: If validation succeeds, normal RDAP lookup proceeds.
Performance Considerations: The solution should not substantially slow down or complicate the user experience.
Additional Considerations
Configuration: Keep hCaptcha keys (site key and secret key) in a secure place (e.g., environment variables such as .env.local in Next.js).
Privacy Compliance: Ensure any data collection complies with relevant privacy standards.
Graceful Fallback: If JavaScript is disabled, provide an alternate flow or warning.
If you’re interested in implementing hCaptcha or have any suggestions to improve this security measure, please feel free to comment below or open a PR referencing this issue!
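As an added example (not code from the RDAP Lookup project or from this issue), one way to implement the server-side half of the proposal: a route handler in the shape of `app/api/lookup/route.js` that verifies the `h-captcha-response` token against hCaptcha's `siteverify` endpoint before the RDAP lookup runs. Assumptions: Node 18+ (global `fetch`, `Request`, `Response`), the secret in `HCAPTCHA_SECRET_KEY` and an optional `HCAPTCHA_EXPECTED_HOSTNAME` read from `.env.local`, the form posting JSON, and a stub `runRdapLookup` standing in for the real lookup. In the real route file `POST` would be exported; here it is a plain function so the verification logic can be exercised with an injected fake `fetch`.

```javascript
// Added example, not the RDAP Lookup project's own code. Node 18+ (global fetch,
// Request, Response). Shaped like app/api/lookup/route.js; in the real file POST
// would be `export`ed. Environment names and the stub lookup are assumptions.

const SITEVERIFY_URL = "https://api.hcaptcha.com/siteverify";
const MAX_TOKEN_LENGTH = 4096; // assumed sane bound; real tokens are much shorter

// Cheap client-input checks done before spending a siteverify round trip.
// Returns a failure reason, or null when the token looks plausible.
function checkTokenShape(token) {
  if (typeof token !== "string" || token.length === 0) return "missing-token";
  if (token.length > MAX_TOKEN_LENGTH) return "token-too-long";
  return null;
}

// Interpret a parsed siteverify JSON body. A token hCaptcha accepts for a different
// hostname is still rejected here, so a token solved on some other page that embeds
// our public site key cannot be replayed against this API.
function interpretSiteverify(data, expectedHostname) {
  if (!data || typeof data !== "object") return { ok: false, reason: "siteverify-malformed" };
  if (data.success !== true) {
    const codes = Array.isArray(data["error-codes"]) ? data["error-codes"].join(",") : "unknown";
    return { ok: false, reason: `captcha-failed:${codes}` };
  }
  if (expectedHostname && data.hostname !== expectedHostname) {
    return { ok: false, reason: "hostname-mismatch" };
  }
  return { ok: true, reason: "verified" };
}

// Verify a token with hCaptcha. Fails closed: no secret, a network error, a non-2xx
// status or an unparsable body all count as "not verified". fetchImpl is injectable
// so the logic can be exercised without network access.
async function verifyHCaptcha(token, { secret, expectedHostname, remoteip, fetchImpl = fetch } = {}) {
  if (!secret) return { ok: false, reason: "server-misconfigured" };
  const shapeProblem = checkTokenShape(token);
  if (shapeProblem) return { ok: false, reason: shapeProblem };

  // siteverify expects application/x-www-form-urlencoded: secret, response, optional remoteip.
  const body = new URLSearchParams({ secret, response: token });
  if (remoteip) body.set("remoteip", remoteip);

  let data;
  try {
    const res = await fetchImpl(SITEVERIFY_URL, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    });
    if (!res.ok) return { ok: false, reason: `siteverify-http-${res.status}` };
    data = await res.json();
  } catch {
    return { ok: false, reason: "siteverify-unreachable" };
  }
  return interpretSiteverify(data, expectedHostname);
}

function jsonResponse(payload, status) {
  return new Response(JSON.stringify(payload), {
    status,
    headers: { "Content-Type": "application/json" },
  });
}

// Route handler. deps lets a test pass the secret and a fake fetch instead of
// reading the environment and calling hCaptcha for real.
async function POST(request, deps = {}) {
  const {
    secret = process.env.HCAPTCHA_SECRET_KEY,
    expectedHostname = process.env.HCAPTCHA_EXPECTED_HOSTNAME,
    fetchImpl,
    // Stub standing in for the real RDAP lookup (assumption; not the project's code).
    runRdapLookup = async (domain) => ({ domain, note: "stubbed lookup" }),
  } = deps;

  let payload;
  try {
    payload = await request.json();
  } catch {
    payload = null;
  }
  if (!payload || typeof payload !== "object") {
    return jsonResponse({ error: "Request body must be a JSON object." }, 400);
  }

  // "h-captcha-response" is the field name the hCaptcha widget populates on the form.
  const verdict = await verifyHCaptcha(payload["h-captcha-response"], {
    secret,
    expectedHostname,
    remoteip: request.headers.get("x-forwarded-for")?.split(",")[0].trim(),
    fetchImpl,
  });
  if (!verdict.ok) {
    // The detailed reason stays in server logs; the client gets one generic message
    // so the response cannot be used to probe which check failed.
    console.warn("hCaptcha verification rejected:", verdict.reason);
    return jsonResponse({ error: "Captcha verification failed. Please try again." }, 403);
  }

  const result = await runRdapLookup(String(payload.domain ?? "").trim());
  return jsonResponse(result, 200);
}
```

Two design points worth keeping whatever shape the final PR takes: verification must fail closed (an unreachable `siteverify` endpoint means the lookup does not run, rather than silently skipping the check), and the `hostname` field in the `siteverify` response should be compared against the site's own domain, since the site key is public and a token can be solved on any page that embeds it. hCaptcha tokens are single-use, so a client that retries after a 403 needs a fresh widget execution rather than resubmitting the same token.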