Would it make sense to add some kind of automatic security validation to the codebase? Either through automated tests or static analysis tools such as Bandit.

In the case of automated tests, this would go through the more major possible security issues that apply to fastapi-users (whatever they may be) and systematically test to make sure the code doesn't have those issues.

In the case of scanning tools like Bandit, this might take the form of a pre-commit hook or something similar.

Thoughts?