feat: accept bandit advisories in-line for subprocess (#1077)

Co-authored-by: pyansys-ci-bot <pyansys.github.bot@ansys.com>

Author: RobPasMue

doc/changelog.d/1077.added.md

@@ -0,0 +1 @@
+feat: accept bandit advisories in-line for subprocess

src/ansys/geometry/core/connection/product_instance.py

@@ -23,7 +23,10 @@
 import os
 import signal
 import socket
-import subprocess
+
+# Subprocess is needed to start the backend. But
+# the input is controlled by the library. Excluding bandit check.
+import subprocess  # nosec B404
 
 from ansys.tools.path import get_available_ansys_installations, get_latest_ansys_installation
 from beartype.typing import TYPE_CHECKING, Dict, List
@@ -302,7 +305,7 @@ def prepare_and_start_backend(
     LOG.debug(f"Args: {args}")
     LOG.debug(f"Environment variables: {env_copy}")
 
-    instance = ProductInstance(_start_program(args, env_copy).pid)
+    instance = ProductInstance(__start_program(args, env_copy).pid)
 
     # Verify that the backend is ready to accept connections
     # before returning the Modeler instance.
@@ -403,7 +406,7 @@ def _manifest_path_provider(
         raise RuntimeError(msg)
 
 
-def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen:
+def __start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen:
     """
     Start the program where the path is the first item of the ``args`` array argument.
 
@@ -420,7 +423,8 @@ def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Pop
     subprocess.Popen
         The subprocess object.
     """
-    return subprocess.Popen(
+    # private method and controlled input by library - excluding bandit check.
+    return subprocess.Popen(  # nosec B603
         args,
         stdin=subprocess.DEVNULL,
         stdout=subprocess.DEVNULL,