
added bundle audit gem and added it to github CI #83

Merged
merged 8 commits into from
Nov 2, 2023

Conversation

OlegPhenomenon (Contributor) commented Jul 20, 2023

Tasks

  • Adding new tasks to CI that check for vulnerabilities in dependencies and code quality
  • Fixes to critical pieces of code

What's fixed

  • fixed the code responsible for the LHV Connect connection
  • changed the cookie serializer from marshal to json
  • updated the session_store values and added httponly, which ensures that cookie operations cannot be executed via JavaScript

What's checked

  • bundle-audit and brakeman showed no problems
  • production.rb has: config.force_ssl = true
  • cookie lifetime is set to 30 minutes
  • output data is escaped in erb templates
  • Rails.application.config.filter_parameters += [ :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn] filters sensitive data. More parameters can be added.
    What else could be filtered?

What to test?
Test how the connection with LHV Connect works:

  • test on dev environment
  • test on staging environment
  • test on test environment

Test authorization and cookies, as well as session lifetime

  • Log in to the account and, after 30 minutes, check whether the user is still logged in or the session is no longer valid.

What else can be added?

  • Reset the session if the user logs in with a different browser agent or IP address
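As an added illustration of the CI tasks this PR describes (not the repository's own workflow), a GitHub Actions job that runs bundler-audit against the lockfile and brakeman against the app; the file path, job name and the assumption that a `.ruby-version` file exists are mine, and the bundler-audit advisory database is refreshed at run time with `--update`:

```yaml
# .github/workflows/security.yml (hypothetical path; added example, not from the PR)
name: security

on:
  push:
    branches: [master]
  pull_request:

jobs:
  dependency-and-code-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Installs the Ruby version named in .ruby-version (assumed present)
      # and caches the bundle so the audit tools do not reinstall each run.
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      # Checks Gemfile.lock against the ruby-advisory-db.
      # --update pulls the latest advisories before scanning; the step
      # fails on any vulnerable gem or insecure (non-https) gem source.
      - name: Audit gem dependencies
        run: bundle exec bundler-audit check --update

      # Static analysis of the Rails app for security warnings.
      # Brakeman exits non-zero when it reports warnings, which fails the job;
      # --no-pager keeps the report readable in the Actions log.
      - name: Run Brakeman
        run: bundle exec brakeman --no-pager -q
```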

@OlegPhenomenon force-pushed the added-security-flow-to-ci branch 2 times, most recently from 6decada to 01d9d9b on July 20, 2023 09:03
@OlegPhenomenon removed the request for review from vohmar on July 21, 2023 12:27
@OlegPhenomenon force-pushed the added-security-flow-to-ci branch 3 times, most recently from 3f11784 to f2efecc on October 31, 2023 14:47
@vohmar vohmar merged commit dd027b5 into master Nov 2, 2023
3 checks passed