--bandit is ignored, plugin always runs, 'off by default' impossible

[wahuneke]

I can find no way to configure pytest.ini so that we can have this plugin installed and configured but off by default. using addopts= -pno:bandit does disable the plugin as it should, but it is not possible to then turn it on again from command line (-pbandit or -ppytest_bandit, do not work).

It looks like the --bandit flag was supposed to activate this plugin - implying that it was intended to be off by default. It appears that flag actually does nothing. Not sure what is the right fix at this point since people may be using this and expecting the plugin to run automatically.

I suggest the solution is to change the meaning of the --bandit flag just a little bit. It should go from doing nothing to overriding the '--nobandit' flag. Then, add a --nobandit flag.

People like me will then be able to add --nobandit in pytest.ini and then have this overridden when we want to run from cmd line by adding --bandit

[mattwwarren]

I admit, my implementation of the config loading leaves a lot to be desired. I don't know how quickly I can get to this right now but it looks like I totally missed even checking for run_bandit in the execution of the plugin.