python · vcrpy · Critical
vcrpy: yaml.Loader allows arbitrary code execution via malicious cassettes
What changed
vcrpy deserialises YAML cassettes with yaml.Loader/CLoader rather than yaml.SafeLoader/CSafeLoader. The full loader constructs arbitrary Python objects from YAML tags, so a malicious cassette can execute arbitrary code at the moment it is loaded.
Who it affects
All users of vcrpy versions 1.0.0 through 8.1.1 who load YAML cassettes, especially in CI/CD or developer environments.
What to do today
Replace yaml.load with yaml.safe_load in vcr/serializers/yamlserializer.py and vcr/migration.py, or apply the patch provided in the advisory.
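The vulnerable and fixed loader calls side by side, as an added example that is not vcrpy's own code (the real call sites are vcr/serializers/yamlserializer.py and vcr/migration.py). It assumes PyYAML is installed and uses the pure-Python Loader/SafeLoader; the C variants CLoader/CSafeLoader behave the same way but need libyaml. The cassettes are constructed and use the harmless `!!python/tuple` tag only to show which tags the two loaders honour.

```python
import yaml

# Constructed cassettes in vcrpy's on-disk layout (not real recordings).
PLAIN_CASSETTE = """\
version: 1
interactions:
- request: {method: GET, uri: https://example.invalid/}
  response:
    status: {code: 200, message: OK}
    body: {string: hello}
"""

# Same cassette, but the body carries a python-specific tag. ``!!python/tuple``
# is a harmless stand-in: it shows that the full Loader builds Python objects
# from such tags, which is the mechanism the advisory describes.
TAGGED_CASSETTE = PLAIN_CASSETTE.replace(
    "string: hello", "string: !!python/tuple [hello, world]"
)


def deserialize_unsafe(cassette_text):
    """The vulnerable pattern: yaml.Loader honours python/* tags."""
    return yaml.load(cassette_text, Loader=yaml.Loader)


def deserialize_safe(cassette_text):
    """The fix: SafeLoader only builds scalars, lists and dicts and raises
    ConstructorError on any python/* tag."""
    return yaml.load(cassette_text, Loader=yaml.SafeLoader)


def cassette_is_safe(cassette_text):
    """Pre-flight check for a cassette from an untrusted source (e.g. a PR):
    True if and only if SafeLoader accepts it and it has the expected shape."""
    try:
        data = yaml.safe_load(cassette_text)
    except yaml.YAMLError:
        return False
    return isinstance(data, dict) and isinstance(data.get("interactions"), list)


def body_string(cassette):
    """Return the first interaction's response body, whatever type it was built as."""
    return cassette["interactions"][0]["response"]["body"]["string"]
```

Running `cassette_is_safe` over every cassette in a repository before the test suite loads them is a cheap gate while the upgrade is rolled out.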
Source
GitHub Advisory · vcrpy