use yaml.safe_load() instead of yaml.load()

our yaml is trusted so we don't have any security risk, but this saves a
warning message on run, and it's better anyway since we don't have any
use of the full yaml loader.

Signed-off-by: Mattia Rizzolo <mattia@debian.org>