[GateFix] Ignore false positive bandit B105 test failure

Bandit B105 hardcoded_password_string[1] is causing gate failure,
which is false positive.
Added a # nosec comment to skip Bandit testing of that line.

[1] https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html

Add local bindep.txt to include PostgreSQL dependendencies for testing.

Story: 2006058
Task: 34771

Change-Id: I579754a0e093e192366ad2783bd766473227e761

bindep.txt

@@ -0,0 +1,4 @@
+# This is a cross-platform list tracking distribution packages needed for install and tests;
+# see https://docs.openstack.org/infra/bindep/ for additional information.
+
+libpq-dev [platform:dpkg]

monasca_notification/conf/database.py

@@ -32,7 +32,7 @@ _ACCEPTABLE_DRIVER_KEYS = set(list(_REPO_DRIVERS_MAP.keys()) +
 
 _DEFAULT_DB_HOST = '127.0.0.1'
 _DEFAULT_DB_USER = 'notification'
-_DEFAULT_DB_PASSWORD = 'password'
+_DEFAULT_DB_PASSWORD = 'password'  # nosec bandit B105
 _DEFAULT_DB_NAME = 'mon'
 _DEFAULT_POSTGRESQL_PORT = 5432
 _DEFAULT_MYSQL_PORT = 3306

tox.ini

@@ -90,3 +90,15 @@ deps = -r{toxinidir}/doc/requirements.txt
 commands =
   sphinx-build -a -E -W -d releasenotes/build/doctrees -b html \
     releasenotes/source releasenotes/build/html
+
+[testenv:bindep]
+basepython = python3
+# Do not install any requirements. We want this to be fast and work even if
+# system dependencies are missing, since it's used to tell you what system
+# dependencies are missing! This also means that bindep must be installed
+# separately, outside of the requirements files, and develop mode disabled
+# explicitly to avoid unnecessarily installing the checked-out repo too (this
+# further relies on "tox.skipsdist = True" above).
+deps = bindep
+commands = bindep test
+usedevelop = False