Integrate `bundler-audit` into the CircleCI continuous integration process

[jrgriffiniii]

Using https://github.com/rubysec/bundler-audit following the generation of a Gemfile.lock within the CircleCI build process would provide a more verbose process for undertaking security audits for components than simply relying upon Dependabot:

• [ ] active_fedora
• [ ] bixby
• [ ] browse-everything
• [ ] hydra-derivatives
• [ ] hydra-editor
• [ ] hydra-file_characterization
• [ ] hydra-head
• [ ] hydra-pcdm
• [ ] hydra-role-management
• [ ] hydra-works
• [ ] iiif_manifest
• [ ] ldp
• [ ] noid-rails
• [ ] questioning_authority
• [ ] rubydora
• [ ] samvera.github.io
• [ ] samvera-circleci-orb
• [ ] valkyrie

[cjcolvar]

What would the appropriate behavior be when running bundler-audit? Should it fail the CI build or just print its output? I'm worried that the former might be too restrictive and the latter will be easily overlooked.