False-positive B107:hardcoded_password_default with None parameter

[fmigneault]

Describe the bug

Given a function such as:

def __init__(self, auth_scheme, auth_token=None, auth_username=None, auth_password=None, auth_link=None, **kwargs):
    ...

Bandit will flag it as

>> Issue: [B107:hardcoded_password_default] Possible hardcoded password: 'None'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.1/plugins/b107_hardcoded_password_default.html

However, this is clearly not correct, as there is no value applied (None).

This occurs only starting from https://github.com/PyCQA/bandit/releases/tag/1.8.1. All corresponding code works without issue and is not flagged by bandit in earlier versions.

Reproduction steps

1. Define a code as shown above.
2. Run with `bandit<=1.8.0`, everything works.
3. Run with `bandit>=1.8.1`, false positives are raised.

Expected behavior

Explicit None are not considered as hardcoded password strings.

Using None is very typical when defining keyword arguments where passwords might not be mandatory.

Bandit version

1.8.1

Python version

3.10

Additional context

No response