Adds Safety dependency vulnerability checks

This change adds dependency vulnerability checks into tox. These checks
are performed by the Safety package which checks requirements files
against a vulnerability database for any issues. If any vulnerabilities
are found, tox will fail its pep8 env.

Change-Id: I6e356d1f55ced7df9490d34e06451acd9cbb6d70

tox.ini

@@ -35,9 +35,17 @@ commands =
   yapf -dr {toxinidir}/spyglass-plugin-xls {toxinidir}/setup.py
   flake8 {toxinidir}/spyglass-plugin-xls
   bandit -r spyglass-plugin-xls -n 5
+  safety check -r requirements.txt --bare
 whitelist_externals =
   bash
 
+[testenv:safety]
+deps =
+    safety
+commands =
+    safety check -r {toxinidir}/requirements.txt --full-report
+    safety check -r {toxinidir}/test-requirements.txt --full-report
+
 [testenv:bandit]
 deps =
     bandit