Fix Bandit issues

[jdangerx]

For some reason, bandit on CI is calling us out for more SQL injection vulnerabilities than it is locally.

First, try to fix the things they caught. Second, we should try to figure out why the bandits differ.

[jdangerx]

Oh:
PyCQA/bandit#917 and PyCQA/bandit#915 were both merged into bandit 1.7.5 which was just released last night.

[codecov]

Codecov Report

Patch coverage: 50.0% and no project coverage change.

Comparison is base (7264ed5) 86.1% compared to head (d5a02f1) 86.1%.

Additional details and impacted files

@@          Coverage Diff          @@
##             dev   #2381   +/-   ##
=====================================
  Coverage   86.1%   86.1%           
=====================================
  Files         74      74           
  Lines       9376    9376           
=====================================
  Hits        8082    8082           
  Misses      1294    1294           

Impacted Files	Coverage Δ
src/pudl/extract/ferc1.py	87.6% <ø> (ø)
src/pudl/helpers.py	87.4% <50.0%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[zaneselvans]

Somehow I thought the helpers.py had already been merged into dev? They look familiar.

[zaneselvans]

I think the pre-commit hooks also only update once a week, and so they were still at bandit 1.7.4 while the new environment in CI immediately updated to 1.7.5 the next time it got rebuilt.