Add more controls in pre-commit, partly security

[juju4]

• detect-private-key
• check-added-large-files
• codespell
• detect-secrets
• semgrep
• bandit
• (black) if maintainers comfortable with it - https://black.readthedocs.io/en/stable/

By using Black, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyle nagging about formatting. You will save time and mental energy for more important matters.

[achantavy]

Hi - It'd be easier to discuss these additions one by one since adding them all at once will be a big change to our CI. Is there one you'd like us to consider first?

[juju4]

order does not really matter if ending to merge all.

codespell is about code spelling
detect-secrets try to prevent committing secrets in code
semgrep and bandit are security code scanning tools

example run
https://github.com/juju4/cartography/actions/runs/3863435878/jobs/6585623944#step:4:118

[ben-elttam]

Choosing to use black will mean a big patch at first to get the code in the black style formatting, but going forward will make PRs more straight forward as the formatting style is black.

[chandanchowdhury]

The MR looks large/scary, however 90% of the changes are strictly cosmetic e.g. fix spelling and lint error etc.

Notes:

• Not enabling black yet.
• Added TIMEOUT to requests call in two files. Modules impacted: Azure, Github.
• Forced TLS verification in one file. Modules impacted: BigFix.
• Spelling error fixed for one variable in two files under AWS test.
• Use yaml.SafeLoader instead of yaml.FullLoader. Module imapced: AWS
• Strictly cosmetic (spelling, lint etc.) changes in twenty six files.