Open
Description
Describe the bug
An exclusion filter like -x ./.tox seems to work as desired, but -x .tox doesn't exclude the same directory. I couldn't find any docs on what the exact syntax of exclusion filters should be, so I'd assume both are supported.
Reproduction steps
- Have a large .tox folder at the root level of a project
- Run bandit -x ./.tox -ll -f json -o bandit.json -r . and observe that 94 (or some other small number) things will be scanned:
  % bandit -x ./.tox -ll -f json -o bandit.json -r .
  [main] INFO profile include tests: None
  [main] INFO profile exclude tests: None
  [main] INFO cli include tests: None
  [main] INFO cli exclude tests: None
  94 [0.. 50.. ]
  [json] INFO JSON output written to file: bandit.json
- Run bandit -x .tox -ll -f json -o bandit.json -r . and observe that 19282 (or some other large number) things will be scanned:
  % bandit -x .tox -ll -f json -o bandit.json -r .
  [main] INFO profile include tests: None
  [main] INFO profile exclude tests: None
  [main] INFO cli include tests: None
  [main] INFO cli exclude tests: None
  19282 [0.. 50.. ^C
Expected behavior
The two exclusion filters should be equivalent.
Bandit version
1.7.4 (Default)
Python version
3.9
Additional context
The danger of this bug is that files/directories might be unintentionally included/excluded, rendering reports inaccurate.
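A post-scan check for the inaccuracy described above, added here as an example and not code from the Bandit project: it reads the bandit.json report and lists scanned files and findings that fall under a directory the scan was told to exclude, comparing normalized paths so that ./.tox and .tox denote the same directory. The report layout it assumes (a "metrics" dict keyed by file path plus "_totals", and a "results" list with a "filename" per finding) and the sample report are constructed for the example.

```python
import json
import posixpath

# Constructed sample of a Bandit JSON report (assumed layout: "metrics" keyed
# by scanned path plus "_totals"; "results" entries carry "filename").
SAMPLE_REPORT = json.dumps({
    "metrics": {
        "_totals": {"loc": 3},
        "./app/main.py": {"loc": 1},
        "./.tox/py39/lib/python3.9/site-packages/requests/api.py": {"loc": 1},
        "./tests/test_app.py": {"loc": 1},
    },
    "results": [
        {"filename": "./.tox/py39/lib/python3.9/site-packages/requests/api.py",
         "test_id": "B101", "issue_severity": "LOW", "line_number": 1},
    ],
})


def _under(path, directory):
    """True if path lies inside directory; both are normalized first so that
    './.tox' and '.tox' compare equal, and 'tox' does not match '.tox'."""
    p = posixpath.normpath(path)
    d = posixpath.normpath(directory)
    return p == d or p.startswith(d + "/")


def scanned_files_in_excluded_dirs(report_json, excluded_dirs):
    """Scanned file paths that sit under any excluded directory.
    A non-empty result means the exclusion filter did not take effect."""
    report = json.loads(report_json)
    scanned = [f for f in report.get("metrics", {}) if f != "_totals"]
    return sorted(f for f in scanned
                  if any(_under(f, d) for d in excluded_dirs))


def findings_in_excluded_dirs(report_json, excluded_dirs):
    """Findings reported against files under an excluded directory; these
    inflate the report with code the team never intended to scan."""
    report = json.loads(report_json)
    return [r for r in report.get("results", [])
            if any(_under(r["filename"], d) for d in excluded_dirs)]


if __name__ == "__main__":
    for f in scanned_files_in_excluded_dirs(SAMPLE_REPORT, [".tox"]):
        print("scanned despite exclusion:", f)
```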