gitlab-ci: add 'bandit' security scanner to all runs

bandit is used by Radically Open Security and is part of the GitLab Ultimate
Static Application Security Testing (SAST) suite.

https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
4 jobs for bandit-scanner-and-fixes in 37 minutes and 29 seconds
Status Job ID Name Coverage
  Test
passed #93111329
lint_format_safety_bandit_checks

00:05:58

passed #93166785
metadata_v0

00:09:27

passed #93111325
test

00:28:01

failed #93111327
metadata_v0

00:04:53