Use safe YAML loaders for parameters

[MaxGhenis]

Summary

• switch parameter loading and the YAML test runner to safe PyYAML loaders
• replace dynamic breakdown eval with a restricted AST evaluator that still supports the documented range forms
• add regression coverage for malicious YAML tags and dynamic breakdown code execution attempts

Testing

• uv run pytest tests/core/test_parameter_security.py tests/core/tools/test_runner/test_yaml_runner.py tests/core/parameters/operations/test_nesting.py -q

[codecov]

Codecov Report

❌ Patch coverage is 83.05085% with 30 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.95%. Comparing base (8483579) to head (41a493d).
⚠️ Report is 8 commits behind head on master.

Files with missing lines	Patch %	Lines
...ore/parameters/operations/homogenize_parameters.py	59.70%	19 Missing and 8 partials ⚠️
policyengine_core/tools/test_runner.py	77.77%	1 Missing and 1 partial ⚠️
policyengine_core/parameters/config.py	91.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #453      +/-   ##
==========================================
+ Coverage   82.51%   82.95%   +0.43%     
==========================================
  Files         202      204       +2     
  Lines       10634    11024     +390     
  Branches     1069     1117      +48     
==========================================
+ Hits         8775     9145     +370     
- Misses       1583     1584       +1     
- Partials      276      295      +19     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.