Fix implicit conversion of data from YAML files #40

Merged
merged 1 commit into from
May 28, 2019

Conversation

@negillett negillett commented May 22, 2019

To maintain data integrity when loading YAML files, loading is now done
using BaseLoader instead of SafeLoader. Fixes #34.

@rohanpm rohanpm left a comment

I think this isn't the best approach as it's covering the issue only for that specific example of conversion to float, but there are other kinds of conversions we should be avoiding too.

Another couple of examples of surprising behavior during load:

>>> import yaml
>>> yaml.load('foo: yes')
{'foo': True}
>>> yaml.load('foo: 0123')
{'foo': 83}

# with BaseLoader instead, always get strings
>>> yaml.load('foo: 0123', Loader=yaml.BaseLoader)
{'foo': '0123'}
>>> yaml.load('foo: yes', Loader=yaml.BaseLoader)
{'foo': 'yes'}

Boolean is contrived, but I don't think it's outside the realm of possibility that there could be a stream named something like 0123 at some point, seeing as streams may be based on upstream version numbers and those can be anything.

It seems like it should be using BaseLoader to disable the conversions entirely.

As I understand it, there was a concern that replacing safe_load (which uses SafeLoader) with BaseLoader would make the code less safe. I don't think this is true, based on docs at https://pyyaml.org/wiki/PyYAMLDocumentation the hierarchy seems to be:

  • Loader - "supports all predefined tags and may construct an arbitrary Python object", i.e. completely unsafe
  • SafeLoader - "supports only standard YAML tags", safe as it can't construct arbitrary Python objects. Also enables the implicit conversions although the docs don't point this out too clearly.
  • BaseLoader - "does not resolve or support any tags", i.e. even safer than SafeLoader. It's documented as returning "only basic Python objects: lists, dictionaries and Unicode strings."
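
An added example, not part of the original thread or the project's code: it loads one document with both loaders and reports every scalar value that SafeLoader silently converted, which is the class of data-integrity problem discussed above. The `SAMPLE` document and the helper names `load_strings` and `coerced_fields` are constructed for illustration; it assumes PyYAML is installed.

```python
import yaml

# Constructed sample; keys and values are illustrative, not from the project.
SAMPLE = """\
stream: 0123
version: 1.10
enabled: yes
released: 2019-05-28
name: rhel-8
tagged: !!int "7"
labels: [on, 010, plain]
"""


def load_strings(text):
    """BaseLoader resolves no tags, so every scalar comes back as a str."""
    return yaml.load(text, Loader=yaml.BaseLoader)


def coerced_fields(text):
    """Map path -> (text as written, SafeLoader value) for each scalar value
    that SafeLoader converted to something other than the string in the file."""
    found = {}

    def walk(raw, typed, path):
        if isinstance(raw, dict) and isinstance(typed, dict):
            # Pair entries by position: SafeLoader may have coerced keys too.
            for (key, r), t in zip(raw.items(), typed.values()):
                walk(r, t, f"{path}.{key}" if path else key)
        elif isinstance(raw, list) and isinstance(typed, list):
            for i, (r, t) in enumerate(zip(raw, typed)):
                walk(r, t, f"{path}[{i}]")
        elif typed != raw:
            found[path] = (raw, typed)

    walk(load_strings(text), yaml.load(text, Loader=yaml.SafeLoader), "")
    return found


if __name__ == "__main__":
    for path, (raw, typed) in coerced_fields(SAMPLE).items():
        print(f"{path}: {raw!r} -> {typed!r}")
```

Note that BaseLoader also ignores the explicit `!!int` tag and returns `'7'`, so any typed field has to be converted and validated by the application after loading.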

To maintain data integrity when loading YAML files, loading is now done
using BaseLoader instead of SafeLoader.
@negillett negillett requested a review from rohanpm May 23, 2019 12:40
@negillett negillett changed the title Fix trimming of trailing zeros on decimals Fix implicit conversion of data from YAML files May 23, 2019
@negillett negillett merged commit 8d75037 into master May 28, 2019
@negillett negillett deleted the 6936 branch May 28, 2019 13:22
Development

Successfully merging this pull request may close these issues.

ubiconfig can load broken data for certain fields due to implicit YAML types
4 participants