feat: add debian12 scripts

- password_number_changed_chars.sh	-> 5.3.3.2.1
- password_dictcheck_enabled.sh 	-> 5.3.3.2.6
- password_quality_enforced.sh 		-> 5.3.3.2.7
- password_quality_enforced_for_root.sh -> 5.3.3.2.8

tests/hardening/password_number_changed_chars.sh

@@ -0,0 +1,28 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+
+    # prepare to fail
+    describe Prepare on purpose failed test
+    apt-get install -y libpam-pwquality
+    sed -E -i '/^[[:space:]]?difok/d' /etc/security/pwquality.conf
+    echo "pam_pwquality.so difok=1" >/usr/share/pam-configs/test_cis.conf
+
+    describe Running on purpose failed test
+    register_test retvalshouldbe 1
+    # shellcheck disable=2154
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    describe correcting situation
+    sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
+    "${CIS_CHECKS_DIR}/${script}.sh" --apply || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    describe clean test
+    rm -f /usr/share/pam-configs/test_cis.conf
+    apt-get remove -y libpam-pwquality
+
+}