Make pip-audit part of testing / build process

[jorvis]

@amahurkar brought this up, but this would be good to run against our dependency list to ensure we're not bringing in known exploits or vulnerabilities:

https://pypi.org/project/pip-audit/

[adkinsrs]

I thought he mentioned npm-audit (my ears are broke)... though pip-audit sounds like a good idea.

When using VSCode, I feel I have seen packages in my requirements.txt file highlight vulnerable package versions if I am using them, but I have no idea if it is native or an extension.

We can also make use of Github dependabot, which will periodically scan your repo and update versions if there is a vulnerability. I have used it in other managed Github repos and it works great.

[adkinsrs]

https://docs.github.com/en/account-and-profile/how-tos/account-settings/managing-security-and-analysis-features