It turns out that we have already implemented the built-in version of local-wipe-after-failed-passwords, and the notes about it were not necessary. It should be possible to connect to an account with local wipe requirements and see proper operation.