Replaced eval() with ast.literal_eval() for secure conversions

[whokilleddb]

What does this PR do?

The PR fixes a security vulnerability which allows for executing arbitrary code on the target system in the context of the user running the program. The attacker can execute commands on the target OS running the operating system by setting the PL_TRAINER_GPUS when using the Trainer module.

Before:

• In pytorch_lightning/utilities/argeparse.py at Line 124

        if not (val is None or val == ""):
            # todo: specify the possible exception
            with suppress(Exception):
                # converting to native types like int/float/bool
                val = eval(val)

• After:

        if not (val is None or val == ""):
            # todo: specify the possible exception
            with suppress(Exception):
                # converting to native types like int/float/bool
                val = literal_eval(val)
            env_args[arg_name] = val

Before submitting

• [x ] Was this discussed/approved via a GitHub issue? (not for typos and docs)
• [ x] Did you read the contributor guideline, Pull Request section?
• [ x] Did you make sure your PR does only one thing, instead of bundling different changes together?
• [ x] Did you make sure to update the documentation with your changes? (if necessary)
• Did you write any new necessary tests? (not for typos and docs)
• [ x] Did you verify new and existing tests pass locally with your changes?
• Did you list all the breaking changes introduced by this pull request?
• Did you update the CHANGELOG? (not for typos, docs, test updates, or internal minor changes/refactorings)

PR review

Anyone in the community is welcome to review the PR.
Before you start reviewing make sure you have read Review guidelines. In short, see the following bullet-list:

• Is this pull request ready for review? (if not, please submit in draft mode)
• Check that all items from Before submitting are resolved
• Make sure the title is self-explanatory and the description concisely explains the PR
• Add labels and milestones (and optionally projects) to the PR so it can be classified

PS: This vulnerability was first disclosed on huntr.dev

[whokilleddb]

Hi @carmocca, as per our discussion on huntr.dev, can you please review the fix and mark the fix on huntr.dev accordingly? Thank You 😃

[carmocca]

Will do! Just needs to be merged first.