fix: implement secure XML parsing in plugin readers

[RinZ27]

Description

This pull request implements secure XML parsing across several plugin readers, including AMF, X3D, 3MF Workspace, and XML Material Profile.

By default, the native Python xml.etree.ElementTree library is susceptible to XML External Entity (XXE) attacks because it does not disable entity expansion. I have implemented a "no-dependency" fix by explicitly configuring an ET.XMLParser with entity resolution disabled (parser.entity = {}). This ensures that user-supplied model and profile files are parsed safely without introducing new external requirements.

This improves the overall robustness of the application when handling untrusted files from external sources.

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

The changes were verified by ensuring that the safe parser configuration correctly handles standard XML input while preventing the resolution of external entities. The logic follows established security best practices for the standard library's XML implementation.

Test Configuration:

• Operating System: Darwin (macOS)

Checklist:

• My code follows the style guidelines of this project
• I have read the Contribution guide
• I have commented my code, particularly in hard-to-understand areas

[github-actions]

Test Results

24 592 tests  ±0   24 590 ✅ ±0   51s ⏱️ -1s
     1 suites ±0        2 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit 7712a19. ± Comparison against base commit 3b0ec14.