Use safe YAML loaders for parameters

[MaxGhenis]

Summary

• switch parameter loading and the YAML test runner to safe PyYAML loaders
• replace dynamic breakdown eval with a restricted AST evaluator that still supports the documented range forms
• add regression coverage for malicious YAML tags and dynamic breakdown code execution attempts

Testing

• uv run pytest tests/core/test_parameter_security.py tests/core/tools/test_runner/test_yaml_runner.py tests/core/parameters/operations/test_nesting.py -q

[codecov]

Codecov Report

❌ Patch coverage is 90.21739% with 18 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.69%. Comparing base (c9e5a10) to head (c94a745).
⚠️ Report is 28 commits behind head on master.

Files with missing lines	Patch %	Lines
...ore/parameters/operations/homogenize_parameters.py	74.57%	9 Missing and 6 partials ⚠️
policyengine_core/tools/test_runner.py	77.77%	1 Missing and 1 partial ⚠️
policyengine_core/parameters/config.py	94.44%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #453      +/-   ##
==========================================
+ Coverage   84.27%   84.69%   +0.41%     
==========================================
  Files         220      223       +3     
  Lines       11397    11830     +433     
  Branches     1130     1169      +39     
==========================================
+ Hits         9605    10019     +414     
- Misses       1490     1496       +6     
- Partials      302      315      +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.