[CI] Add a workflow for Bandit check (#16394)

We're preparing for public releases - it requires that all python code
is verified with the Bandit tool.
This PR adds new workflow to perform the check.

Author: KornevNikita

.github/workflows/bandit.yml

@@ -0,0 +1,32 @@
+name: Scan Python code with Bandit
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 3 * * *'
+
+
+permissions:
+  contents: read
+
+jobs:
+  bandit:
+    name: Bandit
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    steps:
+      - name: Clone the git repo
+        uses: actions/checkout@v4
+
+      - name: Install Bandit
+        run: pip install bandit bandit-sarif-formatter
+
+      - name: Run Bandit
+        run: |
+          bandit -c devops/bandit.config -r . --exit-zero -f sarif -o bandit_results.sarif
+
+      - uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: bandit_results.sarif