Current implementation of Kubernetes manifest generation uses `yaml.load()` and `yaml.load_all()` methods. Documentation of PyYAML (https://pyyaml.org/wiki/PyYAMLDocumentation) mentions that `yaml.load()` (and `yaml.load_all()` as well) might be dangerous:

> Warning: It is not safe to call yaml.load with any data received from an untrusted source! yaml.load is as powerful as pickle.load and so may call any Python function. Check the yaml.safe_load function though.

> Note that the ability to construct an arbitrary Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load limits this ability to simple Python objects like integers or lists.

Key thing here is the untrusted source, and since we have control over the yaml templates, this might not be an issue at all.

However, to write code according to good policies and standards we should at least test changing `yaml.load_all()` to `yaml.safe_load_all()`.
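To show what the proposed change actually buys, here is an added example (not code from this project): a manifest loader built on `yaml.safe_load_all()` next to the pre-change `yaml.load_all()` behaviour, run over two constructed multi-document streams. The function names `load_manifests`, `load_manifests_full` and `rejects_python_tags`, and the sample manifest text, are assumptions made for this example. Plain Kubernetes YAML parses identically with both loaders; the difference appears only when a document carries a PyYAML-specific `!!python/...` tag, which the safe loader refuses with a `ConstructorError` and the full loader turns into a Python object.

```python
"""Added example, not part of the original issue: compare
yaml.safe_load_all with yaml.load_all on Kubernetes-style manifests.
Function names and sample documents are constructed for this example."""
import yaml

# Constructed sample: two Kubernetes documents in one stream, plain YAML only.
MANIFEST_STREAM = """\
apiVersion: v1
kind: Namespace
metadata:
  name: demo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  replicas: 2
"""

# Constructed sample: same shape, but one value carries a Python-specific tag.
# Plain YAML has no such tag; only PyYAML's non-safe loaders construct it.
TAGGED_STREAM = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: odd
data:
  ports: !!python/tuple [80, 443]
"""


def load_manifests(text):
    """Parse every document in the stream with the safe loader.

    safe_load_all only builds plain Python types (dict, list, str, int, ...),
    so a document that relies on a python/* tag fails with a ConstructorError
    instead of being turned into an arbitrary Python object.
    """
    return [doc for doc in yaml.safe_load_all(text) if doc is not None]


def load_manifests_full(text):
    """The pre-change behaviour: yaml.load_all with PyYAML's FullLoader.

    FullLoader still knows several python/* tags (for example python/tuple),
    which is the object-construction capability the PyYAML warning describes.
    """
    return [doc for doc in yaml.load_all(text, Loader=yaml.FullLoader)
            if doc is not None]


def rejects_python_tags(text):
    """Return True if the safe loader refuses this stream because of a tag."""
    try:
        load_manifests(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


if __name__ == "__main__":
    docs = load_manifests(MANIFEST_STREAM)
    print([d["kind"] for d in docs])              # ['Namespace', 'Deployment']
    print(rejects_python_tags(MANIFEST_STREAM))   # False: plain manifests still load
    print(rejects_python_tags(TAGGED_STREAM))     # True: python/tuple is refused
    print(load_manifests_full(TAGGED_STREAM)[0]["data"]["ports"])  # (80, 443)
```

Because the templates here are plain YAML, `load_manifests` returns the same dicts the current code gets, which is the regression check to run after the switch; the `TAGGED_STREAM` case is the behaviour that goes away, and a `ConstructorError` on an existing template would point at a template that depends on a non-YAML tag and needs attention.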