Fix some bandit findings

Everything in the middle serverity level and higher:

* Adds a timeout to the SPOT call (30 seconds)
* Use python's `tempfile` to make the temporary PDF written to
    * even though we don't read from the file, we don't want to write to a different / injected file.

Author: BryceStevenWilley

formfyxer/lit_explorer.py

@@ -235,6 +235,7 @@ def spot(
         "https://spot.suffolklitlab.org/v0/entities-nested/",
         headers=headers,
         data=json.dumps(body),
+        timeout=30,
     )
     output_ = r.json()
     try:
@@ -1630,16 +1631,17 @@ def parse_form(
         or readability > 30
     ):
         # We do not care what the PDF output is, doesn't add that much time
-        ocr_p = [
-            "ocrmypdf",
-            "--force-ocr",
-            "--rotate-pages",
-            "--sidecar",
-            "-",
-            in_file,
-            "/tmp/test.pdf",
-        ]
-        process = subprocess.run(ocr_p, timeout=60, check=False, capture_output=True)
+        with tempfile.NamedTemporaryFile(suffix=".pdf", delete=True) as temp_pdf:
+            ocr_p = [
+                "ocrmypdf",
+                "--force-ocr",
+                "--rotate-pages",
+                "--sidecar",
+                "-",
+                in_file,
+                temp_pdf.name,
+            ]
+            process = subprocess.run(ocr_p, timeout=60, check=False, capture_output=True)
         if process.returncode == 0:
             original_text = process.stdout.decode()
             text = cleanup_text(original_text)