Add assert_private_file() and load_private_yaml()

The assert_private_file() decorator can be used on any function that reads structured data from a stream, and asserts that, if it is called on a file, that file is not world-readable. (Group-readable is okay, since we assume the file is owned by the tool’s group.) If PyYAML is installed, we additionally define load_private_yaml(), which directly applies this decorator to yaml.safe_load(); functions for other data formats can be added later if anyone asks for them.

Bug: T333728