fix: correct bandit command syntax for proper argument handling

BANDIT SYNTAX FIX: Use correct --confidence-level argument

Issue: bandit error 'unrecognized arguments: high'
Root cause: Incorrect argument syntax --confidence high
Correct syntax: --confidence-level high

Changes:
- Update all bandit commands to use --confidence-level high
- Maintain quiet mode (-q) and JSON output (-f json)
- Keep recursive scanning (-r .) for comprehensive coverage
- Ensure proper argument order for bandit CLI

Updated workflows:
- security-scanning.yml: Correct bandit syntax
- All workflows with bandit: Updated to proper syntax

Expected results:
- Bandit scans run without argument errors
- High confidence security issues detected
- Clean JSON output for potential integration
- No more 'unrecognized arguments' errors

This ensures bandit security scanning works correctly
with proper CLI argument syntax.
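The commit message above points to the JSON output as a hook for further integration. The script below is an added example, not part of this commit or the project's workflows: a CI gate that reads a `bandit -r . -f json` report and fails the job only on findings at or above a chosen confidence and severity. The report embedded in it is constructed for illustration; the field names it reads (`results`, `errors`, `issue_confidence`, `issue_severity`, `test_id`, `filename`, `line_number`, `issue_text`) are the ones Bandit's JSON formatter emits. Run it as `python bandit_gate.py bandit-report.json` after saving the report with `-o bandit-report.json`; with no argument it uses the constructed sample.

```python
"""Gate a CI job on a Bandit JSON report (added example, not the project's own script)."""
import json
import sys

# Constructed sample of a `bandit -r . -f json` report for illustration only;
# this is not real scan output from the repository. Only the fields the gate
# reads are included.
SAMPLE_REPORT = {
    "errors": [],
    "results": [
        {"filename": "./app/db.py", "line_number": 12, "test_id": "B608",
         "issue_severity": "MEDIUM", "issue_confidence": "LOW",
         "issue_text": "Possible SQL injection vector through string-based query construction."},
        {"filename": "./app/settings.py", "line_number": 3, "test_id": "B105",
         "issue_severity": "LOW", "issue_confidence": "MEDIUM",
         "issue_text": "Possible hardcoded password: 'changeme'"},
        {"filename": "./app/util.py", "line_number": 40, "test_id": "B602",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "subprocess call with shell=True identified, security issue."},
    ],
}

# Bandit's confidence and severity scale, ordered so thresholds can be compared.
LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


def findings_at_or_above(report, min_confidence="HIGH", min_severity="LOW"):
    """Return results whose confidence AND severity both meet the thresholds.

    min_confidence="HIGH" mirrors `--confidence-level high` from the workflow;
    the severity floor lets the same gate also be tightened later.
    """
    conf_floor = LEVELS[min_confidence.upper()]
    sev_floor = LEVELS[min_severity.upper()]
    return [
        r for r in report.get("results", [])
        if LEVELS.get(r.get("issue_confidence", "LOW"), 0) >= conf_floor
        and LEVELS.get(r.get("issue_severity", "LOW"), 0) >= sev_floor
    ]


def gate(report, min_confidence="HIGH", min_severity="LOW"):
    """Compute the CI exit code: 1 if blocking findings or scan errors exist, else 0."""
    blocking = findings_at_or_above(report, min_confidence, min_severity)
    for r in blocking:
        print(f"{r['filename']}:{r['line_number']} {r['test_id']} "
              f"[{r['issue_severity']}/{r['issue_confidence']}] {r['issue_text']}")
    # Files Bandit could not parse are listed under "errors"; an unscanned file
    # is not a clean file, so treat that as a failure rather than silently passing.
    if report.get("errors"):
        print(f"bandit reported {len(report['errors'])} scan error(s)", file=sys.stderr)
        return 1
    return 1 if blocking else 0


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    return gate(report)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the gate, not Bandit's own exit status, decides the job outcome, the workflow can run Bandit with a fixed report path and no `|| echo` fallback, and the thresholds live in one place instead of being spread across per-workflow command lines.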
2026-03-27 14:59:30 +01:00
parent ab0fac4d8a
commit 8467748791

@@ -92,8 +92,8 @@ jobs:
venv/bin/pip install bandit
echo "=== Bandit scan (code security) ==="
# Run bandit with focus on high-confidence issues only
venv/bin/bandit -r . -f json -q --confidence high || echo "Bandit scan completed"
# Run bandit with correct syntax for high confidence issues only
venv/bin/bandit -r . -f json -q --confidence-level high || echo "Bandit scan completed"
echo "=== Security Summary ==="
echo "✅ Code security: Bandit scan completed (high confidence only)"
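Review bot: the `|| echo "Bandit scan completed"` kept on the new bandit line still swallows Bandit's non-zero exit status, so a high-confidence finding (or another usage error of the kind this commit fixes) can never fail the job, and the unconditional `echo "✅ Code security: Bandit scan completed (high confidence only)"` then reports success regardless. Drop the `|| echo` fallback (or pass `--exit-zero` explicitly if the step is meant to be report-only), and since `-q` with `-f json` sends the JSON to the job log, write it to a file with `-o bandit-report.json` so the "JSON output for potential integration" named in the commit message actually has somewhere to be picked up from. Separately, `-r .` from the repository root will recurse into the `venv/` directory that `venv/bin/pip install bandit` just created and flag third-party code; add `-x ./venv` (or an equivalent exclude in a `.bandit` config) to the command.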