Add password rules for gap.com

[kiddailey]

Overall Checklist

• [x] I agree to the project's Developer Certificate of Origin
• [x] The top-level JSON objects are sorted alphabetically
• [x] There are no open pull requests for the same update

for password-rules.json

• [x] The given rule isn't particularly standard and obvious for password managers
• [x] Generated passwords have been tested from this rule using the Password Rules Validation Tool
• [x] Information has been included about the website's requirements (eg. screenshots, error messages, steps during experimentation, etc.)
• [x] The PR isn't documenting something that would be a common practice among password managers (e.g. minimal length of 6)

Notes

• This PR adds gap.com. Also covers oldnavy.gap.com, bananarepublic.gap.com, and athleta.gap.com. Unless required, I'm not including a shared credential since the relevant root domains resolve to these gap.com subdomains (i.e. oldnavy.com redirects to oldnavy.gap.com) when creating an account or logging in.
• The Password Rules Validation Tool reorders the symbols, but I retained the same order shown on the screenshot.
• I verified manually that the listed symbols in the screenshot are accepted
• All other special characters are not allowed at all. Including a disallowed special character invalidates the special requirement even if a valid special is included. I debated about whether this meant I should include a duplicative allowed specification for clarity. Let me know if it should be there and I'll add it.

Screenshot

Account creation page with password rules displayed