A bandit patch to block sha1 hash is failing CI [1], due to a false
positive on hashlib.sha1 (which actually uses HMAC-SHA1 in keystone
that is considered more secure then standard SHA1)
This change marks a # nosec comment against the line which is
triggering the false positive in Bandit.
[1] https://review.openstack.org/#/c/437563/6
Change-Id: Ib9618119c77f41fba0e612e37c7511676bed47e8
b29f478f28