Calling yaml.load() on untrusted data is unsafe and can lead to remote code
execution.

This commit fixes remote code execution in:
* the submit page
* the xmlrpc api
* the scheduler
* lava-master and lava-slave

This bug was found by running bandit (https://github.com/PyCQA/bandit).

Change-Id: I80882f9baeb0e7e1c2127f602cc4b206213cb59f