docs(admin): consolidate duplicate bruteforcesettings app warning

Merged the two identical "disabling the app does not stop BFP" warnings
into one improved warning in the canonical location (the brute force
settings app section). The fail2ban comparison section already conveys
the same point inline.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>

Author: skjnldsv

admin_manual/configuration_server/bruteforce_configuration.rst

@@ -91,8 +91,11 @@ addresses and ranges to exempt from brute force protection.
 Additional enhancements may be made in the future, within this app and/or in combination with Nextcloud Server for
 additional monitoring or behavior adjustments related to brute force protection.
 
-.. warning:: Disabling the ``bruteforcesettings`` app does **not** disable brute force protection
-   - it merely removes your ability to adjust brute force related settings from the Web interface.
+.. warning::
+
+   Disabling the ``bruteforcesettings`` app does **not** disable brute force protection.
+   The protection is built into Nextcloud Server core and is always active. Disabling the app
+   only removes the ability to manage brute force settings from the Web interface.
 
 .. danger::
 
@@ -172,12 +175,6 @@ Nextcloud's built-in brute force protection and fail2ban are complementary tools
 operate at different layers of the stack. Using both together is recommended for
 production servers.
 
-.. warning::
-
-   Disabling the ``bruteforcesettings`` app does **not** disable brute force protection.
-   The protection is built into Nextcloud Server core and is always active. The app only
-   provides the admin UI and the IP exclusion settings.
-
 **Nextcloud brute force protection** is built into Nextcloud Server itself (the
 ``bruteforcesettings`` app provides the admin UI and exclusion settings, but the
 protection runs regardless). It works at the **application layer**: it detects