Use defusedxml for xml parsing instead of etree

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>

.github/workflows/analysis.yml

@@ -40,6 +40,9 @@ jobs:
                 with:
                     distribution: "temurin"
                     java-version: 11
+            -   name: Install dependencies
+                run: |
+                    python3 -m pip install defusedxml
             -   name: Run analysis wrapper
                 run: |
                     mkdir -p $HOME/.gradle

.gitignore

@@ -50,4 +50,7 @@ fastlane/Fastfile
 **/fastlane/test_output
 /fastlane/vendor/
 /.bundle/
-/fastlane/.bundle/
+/fastlane/.bundle
+
+# python
+**/__pycache__/

scripts/analysis/spotbugsComparison.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 import argparse
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 import spotbugsSummary
 
 

scripts/analysis/spotbugsSummary.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 import argparse
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 
 
 def get_counts(tree):