Status: Closed
Labels: affects-0.3 (Issues related to 0.3.X Mitogen releases), bug (Code feature that hinders desired execution outcome)
Description
mitogen.utils.cast(v) is intended to recursively replace subtypes of builtins in v. In versions of Ansible that have addressed CVE-2023-5764 it silently fails to do so for ansible.utils.unsafe_proxy.AnsibleUnsafeText() et al. The cause is that cast() calls str() on the value, and in these versions of Ansible AnsibleUnsafeText() overrides __str__() to return itself.
This was one of the root causes of #221, but this was obscured by the lack of an immediate warning or error.
Further discussion/investigation in https://github.com/mitogen-hq/mitogen/wiki/AnsibleUnsafe-notes
Fix/mitigations in progress.
>>> import ansible, ansible.utils.unsafe_proxy, mitogen.utils
>>> ansible.__version__
'2.14.14'
>>> unsafe_text = ansible.utils.unsafe_proxy.wrap_var('abc')
>>> type(unsafe_text)
<class 'ansible.utils.unsafe_proxy.AnsibleUnsafeText'>
>>> type(mitogen.utils.cast(unsafe_text))
<class 'ansible.utils.unsafe_proxy.AnsibleUnsafeText'>
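The following is an added example, not code from Mitogen or Ansible, that reproduces the failure mode described above without needing Ansible installed. UnsafeTextStub is a constructed stand-in that mimics only the one behaviour the issue relies on: a str subclass whose __str__() returns itself. naive_cast() mirrors the reported strategy of calling str() on text values and therefore leaves the subclass in place; strict_cast() is one possible way to avoid the override (an assumption here, not Mitogen's actual fix) by calling the base-class slot str.__str__() directly, which CPython implements as a copy into an exact str for subclasses; find_subtypes() is the kind of check a caller can run on a cast result to turn the silent failure into a visible one.

```python
# Added example; not part of Mitogen or Ansible. Python 3 only.


class UnsafeTextStub(str):
    """Constructed stand-in for AnsibleUnsafeText in Ansible versions that
    addressed CVE-2023-5764: a str subclass whose __str__() returns self."""

    def __str__(self):
        return self


def naive_cast(v):
    """Recursive cast that relies on str(v). For a subclass that overrides
    __str__() to return itself, str(v) hands the subclass instance back,
    so the value is never replaced by an exact builtin."""
    if isinstance(v, dict):
        return {naive_cast(k): naive_cast(x) for k, x in v.items()}
    if isinstance(v, (list, tuple)):
        return [naive_cast(x) for x in v]
    if isinstance(v, str):
        return str(v)  # still an UnsafeTextStub; the override wins
    return v


def strict_cast(v):
    """Recursive cast that never calls an overridable method on the input.
    str.__str__ is the base-class slot: CPython returns the object itself
    only when it is an exact str, and a fresh exact str for any subclass,
    so the subclass's own __str__() is never consulted."""
    if isinstance(v, dict):
        return {strict_cast(k): strict_cast(x) for k, x in v.items()}
    if isinstance(v, (list, tuple)):
        return [strict_cast(x) for x in v]
    if isinstance(v, str):
        return str.__str__(v)
    return v


# Types a cast is expected to reduce to their exact builtin form.
_EXACT = (str, dict, list, tuple)


def find_subtypes(v, path="v"):
    """Walk v and return (path, type name) pairs for every value that is a
    subclass, rather than the exact builtin, of str/dict/list/tuple.
    An empty list means the cast did its job."""
    hits = []
    if isinstance(v, _EXACT) and type(v) not in _EXACT:
        hits.append((path, type(v).__name__))
    if isinstance(v, dict):
        for k, x in v.items():
            hits.extend(find_subtypes(k, path + ".key(%r)" % (k,)))
            hits.extend(find_subtypes(x, path + "[%r]" % (k,)))
    elif isinstance(v, (list, tuple)):
        for i, x in enumerate(v):
            hits.extend(find_subtypes(x, path + "[%d]" % i))
    return hits


def demo():
    """Cast a constructed nested value both ways and report leftovers."""
    sample = {
        UnsafeTextStub("host"): [
            UnsafeTextStub("abc"),
            1,
            {"n": UnsafeTextStub("x")},
        ]
    }
    return find_subtypes(naive_cast(sample)), find_subtypes(strict_cast(sample))


if __name__ == "__main__":
    naive_hits, strict_hits = demo()
    print("str(v) is v for the stub:", str(UnsafeTextStub("abc")).__class__.__name__)
    print("leftover subtypes after naive_cast:", naive_hits)
    print("leftover subtypes after strict_cast:", strict_hits)
```

Running the block prints three leftover subclass instances (the dict key, the first list element and the nested dict value) after naive_cast() and none after strict_cast(). The check in find_subtypes() is cheap enough to run on the result of any cast at a trust boundary; the point is that isinstance(x, str) passes for the subclass, so a caller that wants the exact builtin must compare type(x) against it.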