
Add check for decompression bomb vulnerabilities

Open kfess opened this issue 3 weeks ago • 0 comments

Is your feature request related to a problem? Please describe.

Bandit currently does not detect potential decompression bomb vulnerabilities.

Describe the solution you'd like

Add a new check (for example, B114) that detects:

  1. Direct dangerous calls:

    • gzip.decompress()
    • zlib.decompress()
    • bz2.decompress()
    • lzma.decompress()
    • and other standard libs.
  2. Reading from compressed files without size limit:

    • gzip.open() followed by .read() without size argument

Describe alternatives you've considered

gosec (Go security checker) has a similar rule (G110).

Additional context

kfess, Nov 29 '25 16:11
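The two patterns the request lists, as an added stand-alone example that is neither Bandit's code nor the reporter's: a small `ast`-based scanner that resolves import aliases, flags the module-level `decompress()` calls (item 1) and flags `.read()` calls without a size on handles returned by `gzip.open()`/`bz2.open()`/`lzma.open()` (item 2), followed by a bounded decompressor showing the fix such a finding should point to. The sample source `SAMPLE`, the `Finding` type, the `scan()`/`decompress_bounded()`/`survives_limit()` names and the handle-tracking heuristics are assumptions made for illustration; a real Bandit plugin would wrap this logic in Bandit's plugin decorators rather than walk the tree itself.

```python
import ast
import zlib
from dataclasses import dataclass

# Hypothetical scanner illustrating the requested check; not Bandit's own code.
COMPRESSION_MODULES = {"gzip", "zlib", "bz2", "lzma"}
DECOMPRESS_FUNCS = {m + ".decompress" for m in COMPRESSION_MODULES}   # item 1
OPENERS = {"gzip.open", "bz2.open", "lzma.open"}                      # item 2


@dataclass
class Finding:
    lineno: int
    kind: str   # "decompress" (item 1) or "unbounded_read" (item 2)
    call: str


def _is_unbounded_read(call: ast.Call) -> bool:
    """True for .read(), .read(-1), .read(None) and .read(size=None)."""
    size = call.args[0] if call.args else None
    if size is None:
        size = next((kw.value for kw in call.keywords if kw.arg == "size"), None)
    if size is None:
        return True
    if isinstance(size, ast.Constant):
        return size.value is None
    # ast.parse keeps "-1" as UnaryOp(USub, Constant(1)), not Constant(-1)
    return isinstance(size, ast.UnaryOp) and isinstance(size.op, ast.USub)


class DecompressionBombVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []
        self.module_alias = {}           # "z" -> "zlib"   (import zlib as z)
        self.func_alias = {}             # "decompress" -> "bz2.decompress"
        self.compressed_handles = set()  # names bound to gzip/bz2/lzma.open()

    def visit_Import(self, node):
        for a in node.names:
            if a.name in COMPRESSION_MODULES:
                self.module_alias[a.asname or a.name] = a.name

    def visit_ImportFrom(self, node):
        if node.module in COMPRESSION_MODULES:
            for a in node.names:
                self.func_alias[a.asname or a.name] = f"{node.module}.{a.name}"

    def _qualname(self, func):
        """Resolve a call target to 'module.func' through the recorded aliases."""
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            mod = self.module_alias.get(func.value.id)
            return f"{mod}.{func.attr}" if mod else None
        if isinstance(func, ast.Name):
            return self.func_alias.get(func.id)
        return None

    def _track_handle(self, value, target):
        if (isinstance(value, ast.Call) and self._qualname(value.func) in OPENERS
                and isinstance(target, ast.Name)):
            self.compressed_handles.add(target.id)

    def visit_With(self, node):          # with gzip.open(p) as f:
        for item in node.items:
            self._track_handle(item.context_expr, item.optional_vars)
        self.generic_visit(node)

    def visit_Assign(self, node):        # f = gzip.open(p)
        for target in node.targets:
            self._track_handle(node.value, target)
        self.generic_visit(node)

    def visit_Call(self, node):
        q = self._qualname(node.func)
        f = node.func
        if q in DECOMPRESS_FUNCS:
            self.findings.append(Finding(node.lineno, "decompress", q))
        elif (isinstance(f, ast.Attribute) and f.attr == "read"
              and isinstance(f.value, ast.Name) and f.value.id in self.compressed_handles
              and _is_unbounded_read(node)):
            self.findings.append(Finding(node.lineno, "unbounded_read", f"{f.value.id}.read"))
        self.generic_visit(node)


def scan(source: str) -> list:
    v = DecompressionBombVisitor()
    v.visit(ast.parse(source))
    return v.findings


def decompress_bounded(data: bytes, limit: int) -> bytes:
    """The fix: inflate zlib- or gzip-framed data but refuse more than `limit` bytes."""
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)   # +32: auto-detect gzip/zlib header
    out, buf = bytearray(), data
    while buf:
        out += d.decompress(buf, limit - len(out) + 1)   # one spare byte reveals overflow
        if len(out) > limit:
            raise ValueError("decompressed size exceeds limit")
        buf = d.unconsumed_tail                          # input left over when output was capped
    return bytes(out)


def survives_limit(payload: bytes, limit: int) -> bool:
    """Compress a constructed payload and report whether the bounded decompressor accepts it."""
    try:
        return decompress_bounded(zlib.compress(payload), limit) == payload
    except ValueError:
        return False


# Constructed sample input, not code from any real project.
SAMPLE = """\
import gzip
import zlib as z
from bz2 import decompress
import lzma

def handler(blob, path):
    a = gzip.decompress(blob)
    b = z.decompress(blob)
    c = decompress(blob)
    with gzip.open(path) as f:
        d = f.read()
    g = lzma.open(path)
    e = g.read(-1)
    ok = g.read(1 << 20)
    return a, b, c, d, e, ok
"""

if __name__ == "__main__":
    for fnd in scan(SAMPLE):
        print(f"line {fnd.lineno}: {fnd.kind} via {fnd.call}")
    print(survives_limit(b"A" * 100_000, 100_000), survives_limit(b"A" * 100_000, 1 << 10))
```

Running it reports the three `decompress()` calls (lines 7 to 9 of `SAMPLE`), the `f.read()` inside the `with` block and the `g.read(-1)`, while leaving `g.read(1 << 20)` alone; the bounded decompressor accepts the 100 kB payload under a 100 kB limit and rejects it under 1 kB, which is the behaviour a remediation hint for this check should describe.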