Replaces yaml.load() with yaml.safe_load()

Yaml.load() return Python object may be dangerous if you receive a YAML
document from an untrusted source such as the Internet. The function
yaml.safe_load() limits this ability to simple Python objects like integers or
lists.

While we're there switch to https for the load so we can be more
confident this is 'correct' data

Reference:
https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I89adc358f1b3e934788a416b7ef7ea8bfc1a45db

tools/list_ptls.py

@@ -20,7 +20,7 @@ import textwrap
 import requests
 import yaml
 
-PROJECTS_LIST = "http://git.openstack.org/cgit/openstack/governance/plain/reference/projects.yaml"  # noqa
+PROJECTS_LIST = "https://git.openstack.org/cgit/openstack/governance/plain/reference/projects.yaml"  # noqa
 
 
 def main():
@@ -44,7 +44,7 @@ def main():
     args = parser.parse_args()
 
     r = requests.get(args.project_list)
-    project_data = yaml.load(r.text)
+    project_data = yaml.safe_load(r.text)
 
     projects = args.project
     if not projects: