@new-mexico-worm-farmer
Contributor

Overall Checklist

for password-rules.json

  • The given rule isn't particularly standard and obvious for password managers
  • Generated passwords have been tested from this rule using the Password Rules Validation Tool
  • Information has been included about the website's requirements (e.g. screenshots, error messages, steps during experimentation, etc.)
  • The PR isn't documenting something that would be a common practice among password managers (e.g. minimal length of 6)

This website only requires upper/lower/digit:
[screenshot: zenni-pw-rules]

However, their client-side JavaScript appears to allow essentially any special character:

```javascript
class FusionAuthPasswordChecker {
  constructor(minLength, maxLength, requireMixedCase, requireNonAlpha, requireNumber) {
    this.rules = { minLength, maxLength, requireMixedCase, requireNonAlpha, requireNumber };
  }

  validate(password) {
    const messages = [];
    let valid = true;

    if (password.length < this.rules.minLength || password.length > this.rules.maxLength) {
      messages.push(this.rules.minLength + ' to ' + this.rules.maxLength + ' characters long');
      valid = false;
    }

    if (this.rules.requireMixedCase && !/[A-Z]/.test(password)) {
      messages.push('One uppercase character');
      valid = false;
    }

    if (this.rules.requireMixedCase && !/[a-z]/.test(password)) {
      messages.push('One lowercase character');
      valid = false;
    }

    if (this.rules.requireNumber && !/[0-9]/.test(password)) {
      messages.push('One number');
      valid = false;
    }

    // Only evaluated when requireNonAlpha is true. No branch ever rejects a
    // character, so any non-alphanumeric character passes validation.
    if (this.rules.requireNonAlpha && !/[^A-Za-z0-9]/.test(password)) {
      messages.push('One special character.');
      valid = false;
    }

    return { valid, messages };
  }
}

// Values the site passes to the checker: 8 to 14 characters, mixed case and
// a digit required, no special character required.
const minLength = 8;
const maxLength = 14;
const requireMixedCase = true;
const requireNonAlpha = false;
const requireNumber = true;
```

For example:
[screenshot: howdy-pw]

I tested a dozen passwords from the Password validation tool and the client-side JavaScript accepted them all. However, I did not want to potentially mess up my account if this validation isn't great, so I did not submit any changes for any server-side validation, nor did I want to create a dummy account.

@new-mexico-worm-farmer
Contributor Author

new-mexico-worm-farmer commented Sep 7, 2025

I should add that the issue to be addressed here is that because the password maximum length is relatively short, the default behavior sometimes (but not always) generates a password that is missing a required character class (e.g. number).

@rmondello rmondello merged commit 404673f into apple:main Sep 7, 2025
5 checks passed
@new-mexico-worm-farmer new-mexico-worm-farmer deleted the auth-dot-zennioptical-dot-com branch September 7, 2025 22:04