Optional :strings-only restriction

[tolitius]

There is a valid security concern to read configuration as EDN:

what if someone injects bad EDN that would steal all the money?

While in most cases it won't be a problem, in some cases, for example where apps eval pieces of configuration, it could be risky to "leave the door open".

Add an optional :strings-only restriction, which would read everything as strings, while still enjoying the hierarchy of EDN.