Add bandit to pep8 gate

Neutron uses bandit to detect security issues. This patch adds bandit
to the pep8 gate to automatically lint for security issues in
python-neutronclient.

Change-Id: Ifd8caf65cc89e7d6d6ebc8f58539741cfbab839b

test-requirements.txt

@@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
 
+bandit>=1.1.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
 flake8-import-order==0.12 # LGPLv3

tox.ini

@@ -25,7 +25,9 @@ commands = sh -c "find . -type d -name '.?*' -prune -o \
 whitelist_externals = sh
 
 [testenv:pep8]
-commands = flake8
+commands =
+  flake8
+  {[testenv:bandit]commands}
 distribute = false
 
 [testenv:venv]
@@ -62,6 +64,10 @@ import-order-style = pep8
 # H904: Delay string interpolations at logging calls
 enable-extensions=H904
 
+[testenv:bandit]
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -r neutronclient -x tests -n5
+
 [testenv:lower-constraints]
 basepython = python3
 deps =