
test(security-fixtures): suppress Bandit B108/B104 on adversarial inputs

  The hardcoded /tmp paths and 0.0.0.0 bind in
  test_archives_api.py / test_attach_timelapse_safe_path.py /
  test_vp_mqtt_bridge.py are deliberate adversarial-input fixtures for
  the path-traversal containment tests and the #1429 bind_address=0.0.0.0
  auto-resolve path — not insecure temp-file usage by the tests. Same
  nosec-without-comment pattern as the existing test_virtual_printer.py
  sites.
maziggy 1 тиждень тому
батько
коміт
32b3a93e60

+ 2 - 2
backend/tests/integration/test_archives_api.py

@@ -1288,7 +1288,7 @@ class TestUploadSourceThreeMF:
         archive = await archive_factory(
             printer.id,
             print_name="Corrupt Path",
-            file_path="/tmp/totally_outside.gcode.3mf",
+            file_path="/tmp/totally_outside.gcode.3mf",  # nosec B108
             filename="totally_outside.gcode.3mf",
         )
 
@@ -1298,4 +1298,4 @@ class TestUploadSourceThreeMF:
         assert response.status_code == 500
         assert "outside the data directory" in response.json()["detail"]
         # Did not write anything under the bogus /tmp/source/ either.
-        assert not (Path("/tmp") / "source").exists() or not (Path("/tmp") / "source" / "totally_outside.3mf").exists()
+        assert not (Path("/tmp") / "source").exists() or not (Path("/tmp") / "source" / "totally_outside.3mf").exists()  # nosec B108
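Review bot: The disjunction on the last line of the second hunk is redundant: the child path cannot exist when its parent directory does not, so `assert not (Path("/tmp") / "source" / "totally_outside.3mf").exists()  # nosec B108` expresses the same "nothing was written" check in one clause and is easier to read. Because this probe targets the shared system /tmp rather than a per-test directory, a leftover file from an unrelated process or an earlier run would make it fail for reasons outside the test, which is presumably acceptable for a negative assertion but worth knowing. The `# nosec B108` markers added here are correctly narrowed to a single test ID, but they carry no rationale at the site; a short inline reason such as `# nosec B108 - adversarial out-of-tree path, not temp-file use` would spare the next reader a trip to this commit message. The same applies to the suppressions added in test_attach_timelapse_safe_path.py and to the `# nosec B104` in test_vp_mqtt_bridge.py.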

+ 2 - 2
backend/tests/unit/services/test_attach_timelapse_safe_path.py

@@ -78,11 +78,11 @@ async def test_attach_timelapse_rejects_absolute_filename(tmp_path: Path, monkey
     result = await service.attach_timelapse(
         archive_id=1,
         timelapse_data=b"x",
-        filename="/tmp/owned_via_absolute",
+        filename="/tmp/owned_via_absolute",  # nosec B108
     )
 
     assert result is False
-    assert not Path("/tmp/owned_via_absolute").exists()
+    assert not Path("/tmp/owned_via_absolute").exists()  # nosec B108
 
 
 @pytest.mark.asyncio
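Review bot: Suppressing B108 keeps this test tied to the shared system /tmp even though the function already receives `tmp_path`; passing `filename=str(tmp_path / "owned_via_absolute")` and asserting `not (tmp_path / "owned_via_absolute").exists()` would preserve the absolute-filename rejection being tested while dropping both suppressions and the dependence on a path other processes can touch. That rewrite is only valid if the service's data directory is not itself monkeypatched to `tmp_path` in the setup above this hunk, which I cannot see here since test_attach_timelapse_rejects_absolute_filename starts before the hunk. If it is, a sibling directory such as `tmp_path.parent / "owned_via_absolute"` keeps the path outside the data root without reaching for /tmp.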

+ 1 - 1
backend/tests/unit/test_vp_mqtt_bridge.py

@@ -1103,7 +1103,7 @@ class TestBindAddressAutoResolve:
     async def test_rewrite_arms_via_auto_resolved_host_ip(self):
         """When bind_address is 0.0.0.0, fall back to the host interface in
         the target printer's subnet and rewrite to that IP."""
-        server = _make_server(bind_address="0.0.0.0")
+        server = _make_server(bind_address="0.0.0.0")  # nosec B104
         bridge = _make_bridge(server)
         with patch(
             "backend.app.services.virtual_printer.mqtt_bridge._resolve_host_interface_for_target",