[try] fix possible XXE vulnerabilities

[xxxxxcat1]

拉取/合并请求描述：(PR description)

[

为什么提交这份PR (why to submit this PR)

The original code is subject to XXE attacks.

你的解决方案是什么 (what is your solution)

Add: from defusedxml.ElementTree import parse from defusedxml.common import DefusedXmlException Modified to: tree = parse('template_vs2005.vcproj', forbid_dtd=False, forbid_external=True)

当前拉取/合并请求的状态 Intent for your PR

必须选择一项 Choose one (Mandatory):

• [x] 本拉取/合并请求是一个草稿版本 This PR is for a code-review and is intended to get feedback
• [ ] 本拉取/合并请求是一个成熟版本 This PR is mature, and ready to be integrated into the repo

代码质量 Code Quality：

我在这个拉取/合并请求中已经考虑了 As part of this pull request, I've considered the following:

• [x] 已经仔细查看过代码改动的对比 Already check the difference between PR and old code
• [x] 代码风格正确，包括缩进空格，命名及其他风格 Style guide is adhered to, including spacing, naming and other styles
• [ ] 没有垃圾代码，代码尽量精简，不包含#if 0代码，不包含已经被注释了的代码 All redundant code is removed and cleaned up
• [ ] 所有变更均有原因及合理的，并且不会影响到其他软件组件代码或BSP All modifications are justified and not affect other components or BSP
• [ ] 对难懂代码均提供对应的注释 I've commented appropriately where code is tricky
• [ ] 代码是高质量的 Code in this PR is of high quality
• [ ] 已经使用formatting 等源码格式化工具确保格式符合RT-Thread代码规范 This PR complies with RT-Thread code specification
• [ ] 如果是新增bsp, 已经添加ci检查到.github/workflows/bsp_buildings.yml 详细请参考链接BSP自查

[CLAassistant]

All committers have signed the CLA.

[BernardXiong]

这涉及到漏洞层面的修改，针对的是Python脚本，还不知道影响面有多大。 @Rbb666 是否可以帮看看，或做些验证。而因为目前tools/vs.py位置有调整，看看这个问题后续如何来处理。谢谢！