Tox and Zuul job for the python code scan in starlingx/ha

Setting up the bandit tool for the scanning of HIGH severity issues
in the python codes under Starlingx/ha folder.
Expecting this merge will enable zuul job for CI/CD of bandit scan.

Configuration files:
1. tox.ini for adding bandit environment and command.
2. test-requirements.txt for adding bandit version.
3. .zuul.yaml file for adding bandit job and configuring under
   check job to run code scan every time before code commit.

Test:
Run tox -e bandit command inside the fault folder to validate the
bandit scan and result.

Please note:
Changes will be implemented in batches and this is Batch3 change.

Story: 2007541
Task: 39621
Depends-On: https://review.opendev.org/#/c/721294/

Change-Id: I01f81d7c52c12432965106f9603e4db600381971
Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>

.zuul.yaml

@@ -4,6 +4,7 @@
       - publish-stx-docs
       - stx-api-ref-jobs
       - stx-release-notes-jobs
+      - stx-bandit-jobs
     check:
       jobs:
         - openstack-tox-pep8

test-requirements.txt

@@ -1,3 +1,4 @@
 bashate >= 0.2
 PyYAML >= 3.1.0
 yamllint >= 0.5.2
+bandit!=1.6.0,>=1.1.0,<2.0.0

tox.ini

@@ -130,3 +130,9 @@ commands =
   rm -rf api-ref/build
   sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
 whitelist_externals = rm
+
+[testenv:bandit]
+basepython = python3
+description = Bandit code scan for *.py files under config folder
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -r {toxinidir}/ -x '**/.tox/**',**/.eggs/** -lll