[DPG] _serialization.py produces errors with `bandit`

[kristapratico]

See example run here: https://dev.azure.com/azure-sdk/public/_build/results?buildId=1650956&view=logs&j=b70e5e73-bbb6-5567-0939-8415943fadb9&t=5da75d26-b661-5189-46a3-f9dd247b5d85&l=331

There seem to be 2 lines which bandit is unhappy with:

1. return ET.fromstring(data_as_str)
2. return eval(data_type)(data)

Right now we are ignoring in the CLU client library with # nosec. Determine whether to update these lines to bandit's recommendations / something else appropriate or whether we want to ignore globally for all DPG clients.