
fix: Add missing suffix to bandit rule subset

Lucas Charles requested to merge drop-ruleID-mapping into main

What does this MR do?

With the merge of !192 (merged) we missed a few suffixes on bandit identifiers.

  • type::bug: correct bandit primary identifiers
  • type::maintenance: standardize mappings to always utilize metadata.primary_identifier for prepackaged rules; limit id usage to only rules without metadata
  • Add CI job to validate schemas for the above type::maintenance change

Hopefully the added script is short-lived until we can copy over the sast-rules files, but I wanted some validation in place before then. You can see the latest pipeline for semgrep-rules-yaml-validation to see how it works, but for clarity, here's a failing case:

for f in "find_sec_bugs.yml"; do ruby semgrep_rules_check/find_nonmatching_rule_ids.rb rules/$f; done

[WARN] YAML validation failed for rules/find_sec_bugs.yml
[WARN] noncompliant rules:
  id: find_sec_bugs.PATH_TRAVERSAL_OUT-1.PATH_TRAVERSAL_OUT-1
  primary_identifier: find_sec_bugs.PATH_TRAVERSAL_OUT-1.PATH_TRAVERSAL_OUT-1
  secondary_identifier_count: 1

[ERROR] YAML validation failed for rules/find_sec_bugs.yml
[ERROR] noncompliant rules:
  id: find_sec_bugs.XXE_XPATH-1.XXE_DOCUMENT-1
  primary_identifier: find_sec_bugs.XXE_XPATH-1
  secondary_identifier_count: 2

echo $?
1

What are the relevant issue numbers?

Relates to https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/issues/125

Does this MR meet the acceptance criteria?

Edited by Lucas Charles
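The id/primary_identifier check described in this MR, as an added example in Ruby that is not the MR's own find_nonmatching_rule_ids.rb script: it loads a constructed semgrep rules file, reports an error for every rule whose id differs from metadata.primary_identifier, reports a warning for an id that repeats a suffix segment, skips rules that carry no metadata, and returns the exit status a CI job would propagate. The split into error and warning is my reading of the output shown above, not the project's logic; the sample rules, the function names and the command-line interface are assumptions.

```ruby
require 'yaml'

# Constructed sample rules file (not from the MR). It covers:
#  1. a compliant rule: id equals metadata.primary_identifier
#  2. a warning case: id equals primary_identifier but repeats a suffix segment
#  3. an error case: id carries an extra suffix that primary_identifier lacks
#  4. a rule without metadata, which the check must leave alone
SAMPLE_RULES_YAML = <<~YAML
  rules:
    - id: find_sec_bugs.SQL_INJECTION-1
      metadata:
        primary_identifier: find_sec_bugs.SQL_INJECTION-1
        secondary_identifiers:
          - type: find_sec_bugs_type
            value: SQL_INJECTION
    - id: find_sec_bugs.PATH_TRAVERSAL_OUT-1.PATH_TRAVERSAL_OUT-1
      metadata:
        primary_identifier: find_sec_bugs.PATH_TRAVERSAL_OUT-1.PATH_TRAVERSAL_OUT-1
        secondary_identifiers:
          - type: find_sec_bugs_type
            value: PATH_TRAVERSAL_OUT
    - id: find_sec_bugs.XXE_XPATH-1.XXE_DOCUMENT-1
      metadata:
        primary_identifier: find_sec_bugs.XXE_XPATH-1
        secondary_identifiers:
          - type: find_sec_bugs_type
            value: XXE_XPATH
          - type: find_sec_bugs_type
            value: XXE_DOCUMENT
    - id: custom.rule-without-metadata
      pattern: "eval(...)"
YAML

# Identifier segments after the analyzer prefix, e.g.
# "find_sec_bugs.XXE_XPATH-1.XXE_DOCUMENT-1" -> ["XXE_XPATH-1", "XXE_DOCUMENT-1"].
def id_segments(rule_id)
  rule_id.to_s.split('.').drop(1)
end

# Classify one rule: nil (compliant or exempt), :warn or :error.
# Assumed policy, modelled on the MR's output rather than taken from it:
#   :error when metadata.primary_identifier exists and id differs from it
#   :warn  when they match but a suffix segment is repeated inside the id
def classify_rule(rule)
  meta = rule['metadata']
  return nil unless meta.is_a?(Hash) && meta.key?('primary_identifier')
  return :error unless rule['id'] == meta['primary_identifier']

  segs = id_segments(rule['id'])
  segs.uniq.size < segs.size ? :warn : nil
end

# Run the check over a YAML document. Returns { warn: [...], error: [...] },
# each entry carrying the same fields the MR's script prints.
def find_nonmatching_rule_ids(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  result = { warn: [], error: [] }
  Array(doc['rules']).each do |rule|
    level = classify_rule(rule)
    next unless level

    meta = rule['metadata']
    result[level] << {
      id: rule['id'],
      primary_identifier: meta['primary_identifier'],
      secondary_identifier_count: Array(meta['secondary_identifiers']).size
    }
  end
  result
end

# Print the findings in the MR's report format and return the exit status:
# 1 when any rule is in error (so a CI job fails), 0 when only warnings remain.
def report(path, result)
  result.each do |level, entries|
    next if entries.empty?

    tag = "[#{level.to_s.upcase}]"
    puts "#{tag} YAML validation failed for #{path}"
    puts "#{tag} noncompliant rules:"
    entries.each do |entry|
      entry.each { |key, value| puts "  #{key}: #{value}" }
      puts
    end
  end
  result[:error].empty? ? 0 : 1
end

# Usage (assumed interface): ruby check_rule_ids.rb rules/find_sec_bugs.yml
# Without an argument the constructed sample above is checked instead.
if __FILE__ == $PROGRAM_NAME
  if ARGV[0]
    exit report(ARGV[0], find_nonmatching_rule_ids(File.read(ARGV[0])))
  else
    report('<constructed sample>', find_nonmatching_rule_ids(SAMPLE_RULES_YAML))
  end
end
```

Rules without metadata are deliberately exempt, matching the MR's stated policy of limiting bare id usage to exactly those rules; everything else must keep id and metadata.primary_identifier identical, and the warning level exists only to flag a suffix that was appended twice without failing the job.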
