Explain why we do not verify roskomsvoboda certificate

app/terraform/block_roskomsvoboda.py

@@ -41,7 +41,9 @@ class BlockRoskomsvobodaAutomation(BlockMirrorAutomation):
     def _fetch(self, latest_rev: str) -> None:
         self._data = None
         try:
-            r = requests.get(f"https://dumps.rublacklist.net/fetch/{latest_rev}", timeout=180, verify=False)
+            # This endpoint routinely has an expired certificate, and it's more useful that we are consuming the
+            # data than that we are verifying the certificate.
+            r = requests.get(f"https://dumps.rublacklist.net/fetch/{latest_rev}", timeout=180, verify=False)  # nosec: B501
             r.raise_for_status()
             zip_file = ZipFile(BytesIO(r.content))
             self._data = zip_file.read("dump.xml")
@@ -76,7 +78,9 @@ class BlockRoskomsvobodaAutomation(BlockMirrorAutomation):
             latest_metadata = {"dump_rev": "0"}
         else:
             latest_metadata = json.loads(state.state)
-        latest_rev = requests.get("https://dumps.rublacklist.net/fetch/latest", timeout=30, verify=False).text.strip()
+        # This endpoint routinely has an expired certificate, and it's more useful that we are consuming the
+        # data than that we are verifying the certificate.
+        latest_rev = requests.get("https://dumps.rublacklist.net/fetch/latest", timeout=30, verify=False).text.strip()  # nosec: B501
         logging.debug("Latest revision is %s, already got %s", latest_rev, latest_metadata["dump_rev"])
         if latest_rev != latest_metadata["dump_rev"]:
             state.state = json.dumps({"dump_rev": latest_rev})