feat: add debian12 scripts

- sudo_re_authenticate.sh 	-> 5.2.5
- pam_pwhistory_enabled.sh 	-> 5.3.2.4
- pam_faillock_enabled.sh	-> 5.3.2.2
This is an updated version of enable_lockout_failed_password.sh (renamed)

- pam_unix_enabled.sh  		-> 5.3.2.1
- password_failed_lockout.sh 	-> 5.3.3.1.1
- password_unlock_time.sh 	-> 5.3.3.1.2
- password_root_unlock.sh 	-> 5.3.3.1.3

tests/hardening/password_root_unlock.sh

@@ -0,0 +1,26 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+
+    # prepare to fail
+    describe Prepare on purpose failed test
+    sed -i '/^[[:space:]]?root_unlock_time/d' /etc/security/faillock.conf
+    echo "auth pam_faillock.so root_unlock_time=0" >/usr/share/pam-configs/test_cis
+
+    describe Running on purpose failed test
+    register_test retvalshouldbe 1
+    # shellcheck disable=2154
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    describe correcting situation
+    sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
+    "${CIS_CHECKS_DIR}/${script}.sh" --apply || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    describe clean test
+    rm -f /usr/share/pam-configs/test_cis
+
+}