update password requirements

[afeld]

Per NIST SP 800-63B:

Memorized secrets SHALL be at least 8 characters in length if chosen by the subscriber. … No other complexity requirements for memorized secrets SHOULD be imposed.

Suggest updating the defaults to match.

grace-config/variables.tf

Lines 65 to 105 in 50ee1c6

	variable "iam_password_policy_require_uppercase" {
	type = bool
	description = "(optional) The boolean value indicating whether the password policy requires uppercase letters"
	default = true
	}
	variable "iam_password_policy_require_lowercase" {
	type = bool
	description = "(optional) The boolean value indicating whether the password policy requires lowercase letters"
	default = true
	}
	variable "iam_password_policy_require_symbols" {
	type = bool
	description = "(optional) The boolean value indicating whether the password policy requires symbols"
	default = true
	}
	variable "iam_password_policy_require_numbers" {
	type = bool
	description = "(optional) The boolean value indicating whether the password policy requires numbers"
	default = true
	}
	variable "iam_password_policy_min_length" {
	type = number
	description = "(optional) The boolean value indicating the minimum password length"
	default = 16
	}
	variable "iam_password_policy_history_length" {
	type = number
	description = "(optional) The boolean value indicating the number of passwords to remember and prevent reuse"
	default = 10
	}
	variable "iam_password_policy_max_age_days" {
	type = number
	description = "(optional) The boolean value indicating the number of days before a password expires"
	default = 90
	}