Update password-rules.json for NM Lottery website

[new-mexico-worm-farmer]

Overall Checklist

• I agree to the project's Developer Certificate of Origin
• The top-level JSON objects are sorted alphabetically
• There are no open pull requests for the same update

for password-rules.json

• The given rule isn't particularly standard and obvious for password managers
• Generated passwords have been tested from this rule using the Password Rules Validation Tool
• Information has been included about the website's requirements (eg. screenshots, error messages, steps during experimentation, etc.)
• The PR isn't documenting something that would be a common practice among password managers (e.g. minimal length of 6)

The rules given on the website:

This matches the client-side validation javascript:

Experimentally, I verified that they allow passwords with special characters. Technically, only one of upper or lower would be required, but it seems better to have them both as required (along with the optional special character) vs. trying to strictly encode rules that would only serve to generate weaker passwords (but willing to make changes if that's not in the spirit).

[rmondello]

@new-mexico-worm-farmer Thanks again!