Open · eteq opened this issue 4 years ago
Well... bandit is a Python package, so you can tie it into whatever CI you are using, not just GitHub Actions. I do like Actions but I know @astrofrog has a different opinion. 😜
FWIW bandit is a good quick check. It does an AST check but nothing too fancy beyond that; i.e., passing the bandit check does not mean your code is secure. Failing it also doesn't mean it is insecure (maybe you have to call some CLI using subprocess or something). A simple check is better than no check, though.
Also, @nden was the original developer who adopted bandit, I think. Here is her implementation with Travis CI: https://github.com/spacetelescope/gwcs
I don't actually object to GitHub Actions as such, especially when there are ready-made ones available!
Bandit is now, I think, a fairly standard tool for auditing Python packages for known security issues. We should try running that on specutils to make sure there aren't issues, and if not, set it up to run on new PRs as part of the CI. (There's a pretty much ready-to-go GitHub Action for this, it looks like, at least based on what I see @pllim implemented in https://github.com/spacetelescope/synphot_refactor.)
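The caveat raised above, that a bandit failure is not necessarily a real problem (a package may legitimately need `subprocess` to call a CLI), is easiest to see with the two patterns side by side. The following is an added example written for this thread, not code from specutils, gwcs, or synphot_refactor. It assumes a POSIX shell for the `shell=True` case and uses a child Python process that echoes its first argument as a stand-in for whatever external tool a package might call; the test IDs in the comments are bandit's own names for these checks.

```python
"""Added example: the two subprocess patterns that bandit treats differently.

bandit only inspects the AST, so it flags any subprocess use (B404 for the
import, B603 for a call that passes an argv list without a shell) and,
separately, shell=True (B602). The first two are usually the false positive
the thread mentions; the last is a real command-injection risk whenever an
argument comes from outside the program. Not code from the projects named
in the thread; the child command is a stand-in for a real CLI.
"""
import shlex
import subprocess
import sys

# Stand-in for an external tool: prints its first argument and exits.
_ECHO_ARG = "import sys; print(sys.argv[1])"


def run_tool_unsafe(filename: str) -> str:
    """The pattern bandit reports as B602 (shell=True), and it is right to.

    The filename is spliced into a shell command line, so a value like
    'a.fits; rm -rf ~' runs as two commands. Kept only to show what a true
    positive looks like; do not copy it.
    """
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(_ECHO_ARG)} {filename}"
    return subprocess.check_output(cmd, shell=True, text=True)


def run_tool_safe(filename: str) -> str:
    """The pattern bandit reports as B603 (subprocess without a shell): a
    false positive here, which is the case the thread describes.

    Arguments go to the child as a list, so the filename is delivered as a
    single argv entry no matter what characters it contains. The nosec
    comment tells bandit the finding was reviewed; scoping it to one test
    ID keeps any other finding on this line visible.
    """
    argv = [sys.executable, "-c", _ECHO_ARG, filename]
    return subprocess.check_output(argv, text=True)  # nosec B603


if __name__ == "__main__":
    hostile = "a.fits; echo injected"
    # With shell=True the `echo` after the semicolon actually runs.
    print("shell=True :", repr(run_tool_unsafe(hostile)))
    # With an argv list the whole string is one literal argument.
    print("argv list  :", repr(run_tool_safe(hostile)))
```

Running `bandit -r <package> -ll -ii` in CI (medium severity and confidence or higher) is a sensible starting threshold: it keeps the `shell=True` finding on `run_tool_unsafe`, while low-severity noise such as the `import subprocess` warning drops out and the reviewed `B603` line is suppressed explicitly rather than by lowering the bar.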