updated logic to allow manual hash to be added or filter

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/main.yml

@@ -47,7 +47,7 @@
     - rhel9cis_rule_1_4_1
   tags: always
   ansible.builtin.assert:
-    that: rhel9cis_bootloader_password != 'password'   # pragma: allowlist secret
+    that: rhel9cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword' or (rhel9cis_bootloader_salt != '' and rhel9cis_bootloader_password != 'password') # pragma: allowlist secret
     msg: "This role will not be able to run single user password commands as rhel9cis_bootloader_password variable has not been set correctly"
 
 - name: "Check crypto-policy module input"