There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.

[0] https://github.com/PyCQA/bandit/issues/488
[1] https://github.com/PyCQA/bandit/pull/489
For additional details, refer to ML Thread[1]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006116.html

Change-Id: I01b3ee75aa52b2711bacbf26690ce55a4c3f336e