Avoid false positives of Jinja2 in Bandit scan

When Bandit scans nova/console/xvp.py and nova/virt/netutils.py, the
high severity issue ("B701:jinja2_autoescape_false") is triggered. By
adding #nosec to the above code, this alarm will be suppressed.

"When autoescaping is enabled, Jinja2 will filter input strings to
escape any HTML content submitted via template variables. Without
escaping HTML input the application becomes vulnerable to Cross Site
Scripting (XSS) attacks."[1] However, the "injected_network_template" is
a text-format template with different rules, and is not intended to be
executable. Hence, the security concern is not applicable here.

[1] https://docs.openstack.org/developer/bandit/plugins/jinja2_autoescape_false.html

Closes-Bug: #1701712
Change-Id: Ie819d90492af1e5c3b3d64403495d7355dc2cd91
Zhen Qin 2017-06-30 15:29:10 -04:00
parent 2917961ebc
commit 398d24de68
2 changed files with 5 additions and 3 deletions
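As an added illustration of the commit message's point (this is example code written for this page, not part of the commit or of Nova), the block below renders the same data with Jinja2 autoescaping off and on. The template sources, pool data and template names are constructed for the example and are not Nova's real injected_network_template or XVP configuration format; the sample password is chosen to contain characters that HTML escaping rewrites.

```python
# Added example, not code from this Nova commit: what Jinja2 autoescaping
# does to a text-format template versus an HTML template. The template
# sources, pool data and template names below are constructed for the
# example and are not Nova's real injected_network_template or XVP config.
import jinja2

# Constructed key/value console config template (not the real xvp format).
TEXT_TEMPLATE = """\
multiplex_port = {{ multiplex_port }}
{% for pool in pools %}
pool "{{ pool.name }}"
    password = {{ pool.password }}
{% endfor %}
"""

# Constructed HTML fragment, where the template variable is untrusted page data.
HTML_TEMPLATE = "<li>{{ name }}</li>"

# Constructed sample data: a password containing characters that HTML
# escaping would rewrite, and a classic XSS payload for the HTML case.
SAMPLE_POOLS = [{"name": "vm-pool", "password": "p&ss<w0rd"}]
SAMPLE_NAME = "<script>alert(1)</script>"


def _env(templates, autoescape):
    # DictLoader keeps the example self-contained; Nova uses FileSystemLoader.
    return jinja2.Environment(loader=jinja2.DictLoader(templates),
                              autoescape=autoescape, trim_blocks=True)


def render_text(autoescape):
    """Render the text config with autoescaping on or off."""
    env = _env({"xvp.conf": TEXT_TEMPLATE}, autoescape)
    return env.get_template("xvp.conf").render(
        multiplex_port=5900, pools=SAMPLE_POOLS)


def render_html(autoescape):
    """Render the HTML fragment with autoescaping on or off."""
    env = _env({"page.html": HTML_TEMPLATE}, autoescape)
    return env.get_template("page.html").render(name=SAMPLE_NAME)


def render_by_name(template_name):
    """One environment serving both kinds of template: select_autoescape()
    turns escaping on for .html/.xml templates and leaves everything else
    unescaped (default=False)."""
    env = _env({"xvp.conf": TEXT_TEMPLATE, "page.html": HTML_TEMPLATE},
               jinja2.select_autoescape(enabled_extensions=("html", "xml"),
                                        default=False))
    return env.get_template(template_name).render(
        multiplex_port=5900, pools=SAMPLE_POOLS, name=SAMPLE_NAME)


if __name__ == "__main__":
    print("--- text, autoescape=False (what Nova does) ---")
    print(render_text(False))   # password = p&ss<w0rd
    print("--- text, autoescape=True (corrupted config) ---")
    print(render_text(True))    # password = p&amp;ss&lt;w0rd
    print("--- html, autoescape=True (payload neutralised) ---")
    print(render_html(True))    # <li>&lt;script&gt;alert(1)&lt;/script&gt;</li>
```

Running the block shows the password line rendered intact with autoescape=False and rewritten to `p&amp;ss&lt;w0rd` with it on, which is the concrete reason a text configuration must not be autoescaped; the HTML case shows the reverse. select_autoescape() is the option to reach for when a single environment has to serve both kinds of template.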


@ -87,7 +87,8 @@ class XVPConsoleProxy(object):
conf_data = {'multiplex_port': CONF.xvp.console_xvp_multiplex_port,
'pools': pools}
tmpl_path, tmpl_file = os.path.split(CONF.injected_network_template)
env = jinja2.Environment(loader=jinja2.FileSystemLoader(tmpl_path))
env = jinja2.Environment( # nosec
loader=jinja2.FileSystemLoader(tmpl_path)) # nosec
env.filters['pass_encode'] = self.fix_console_password
template = env.get_template(tmpl_file)
self._write_conf(template.render(conf_data))
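Review bot: the second `# nosec` on the continuation line (`loader=jinja2.FileSystemLoader(tmpl_path)) # nosec`) is redundant and should be dropped; Bandit reports B701 against the line where the `jinja2.Environment(` call starts, so the marker there is the one that suppresses the finding, and a marker on the argument line only blankets whatever else Bandit might later report on that line. The marker should also carry its reason in-line, because the commit message's justification talks about the injected network template while this call site renders the XVP console configuration and a future reader cannot tell from the code why escaping is unnecessary here, e.g. `env = jinja2.Environment(  # nosec - renders a text config file, not HTML`.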


@ -155,8 +155,9 @@ def get_injected_network_template(network_info, template=None,
return
tmpl_path, tmpl_file = os.path.split(template)
env = jinja2.Environment(loader=jinja2.FileSystemLoader(tmpl_path),
trim_blocks=True)
env = jinja2.Environment( # nosec
loader=jinja2.FileSystemLoader(tmpl_path), # nosec
trim_blocks=True)
template = env.get_template(tmpl_file)
return template.render({'interfaces': nets,
'use_ipv6': ipv6_is_available,
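Review bot: as in xvp.py, only the `# nosec` on the `env = jinja2.Environment(` line is needed; the one on `loader=jinja2.FileSystemLoader(tmpl_path), # nosec` adds nothing and should go. Both call sites now build an identical environment (FileSystemLoader over `os.path.split(...)` of a configured template path, autoescaping left off because the output is a text file) with an undocumented suppression each, so consider a small shared helper that constructs the text-template Environment once, with a single `# nosec` and a comment stating that the rendered output is a text configuration for the guest rather than HTML; that keeps the justification in one place instead of two bare markers that the next Bandit run or reviewer will re-question.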