ci: Install pip-audit before running pin_safe_versions

pin_safe_versions.py now calls pip-audit for vulnerability checks.
Without this line it silently falls back to 'allow all' (FileNotFoundError
is caught and returns True), meaning the security scan never ran.

Signed-off-by: Cagri Yonca <cagri@ibm.com>

Author: CagriYonca

.circleci/config.yml

@@ -50,7 +50,7 @@ commands:
           name: Apply grace period to installed packages
           command: |
             . venv/bin/activate
-            pip install --quiet requests packaging
+            pip install --quiet requests packaging pip-audit
             python .circleci/pin_safe_versions.py <<parameters.requirements>>
 
   run-tests-with-coverage-report: