Security & QA Scanning tool improvements

[Xpirix]

I'm late to the party but for a future improvement, I suggest :

• using flake8-qgis would be a nice addition
• send the report to author/maintainers of the plugin
• expose or return the report to the publishing request to integrate it seamlessly in tooling like qgis-plugin-ci
• expose and refine bandit configuration since it comes with a bunch of alerts which part of are irrelevant in a PyQGIS context (defused XML...)

Originally posted by @Guts in #219 (comment)