Configure automatic code linter

[lukpueh]

Description of issue or feature request:

• Configure linter (e.g. pylint) to analyze all securesystemslib code including tests
• Configure tox+travis to run linter on PR and require full pass
• Fix linter errors/warnings in all securesystemslib code including tests

See in-toto/in-toto#289, in-toto/in-toto#296, in-toto/in-toto#279 for an exemplary setup, also see how commits are aggregated by error/warning type, to mitigate the flag day.

Current behavior:
No automatic code linting and unlinted code

Expected behavior:
Automatic code linting and linted code

[trishankatdatadog]

I propose trying GitHub's LGTM static analysis tool: https://lgtm.com/projects/g/theupdateframework/tuf/?mode=list

[lukpueh]

python-tuf uses black, isort and pylint these days and I'm very happy with the setup because it has eliminated code style discussions (see invocation and config).

Let's do the same thing at least for any newly added modules in securesystemslib.

[joshuagl]

💯

[jku]

I propose trying GitHub's LGTM static analysis tool: https://lgtm.com/projects/g/theupdateframework/tuf/?mode=list

this is irrelevant to the discussion but: the errors on the linked page are incorrect as all classes are "new-style" in Python now, explicitly deriving from object is not required (the distinction was a python 2 workaround).

[MVrachev]

Do we want to mention mypy as well and start using type annotations?
It's possible now when securesystemslib doesn't use python2.