Switch to yaml.safe_load for better security

Use the yaml.safe_load to avoid unwanted privilege escalation due to
deserializing unsafe objects. Also switch to yaml.safe.dump for
symmetry, so that we don't write out files we'll later refuse to
parse.