[stable-only] Cap bandit to 1.6.2

The 1.6.3 [1] release has dropped support for py2 [2] so cap to 1.6.2
when using py2.

Also fix sphinx doc requirements and xattr requirement to make
requirements-check job pass.

[1] https://github.com/PyCQA/bandit/releases/tag/1.6.3
[2] https://github.com/PyCQA/bandit/pull/615

Depends-On: https://review.opendev.org/c/openstack/devstack/+/768257

Closes-Bug: #1907438
Change-Id: I294d5350e2f418614e54ff7bdd47dff16bfdcdbc
(cherry picked from commit 1f2326cd7c)

doc/requirements.txt

@@ -2,7 +2,8 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 # this is required for the docs build jobs
-sphinx>=1.6.2 # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7'  # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
 openstackdocstheme>=1.11.0 # Apache-2.0
 reno>=1.8.0  # Apache-2.0
 os-api-ref>=1.0.0 # Apache-2.0

requirements.txt

@@ -10,7 +10,7 @@ PasteDeploy>=1.3.3
 lxml>=3.4.1
 requests>=2.14.2 # Apache-2.0
 six>=1.9.0
-xattr>=0.4
+xattr>=0.4;sys_platform!='win32'        # MIT
 PyECLib>=1.3.1                          # BSD
 cryptography!=2.0,>=1.6                 # BSD/Apache-2.0
 ipaddress>=1.0.16;python_version<'3.3'          # PSF

test-requirements.txt

@@ -20,6 +20,6 @@ fixtures>=3.0.0 # Apache-2.0/BSD
 keystonemiddleware>=4.17.0 # Apache-2.0
 
 # Security checks
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.1.0,<=1.6.2 # Apache-2.0
 
 docutils>=0.11  # OSI-Approved Open Source, Public Domain