
Non-fork - Use updated pattern from avoid-pyyaml-load in B506

James Liu requested to merge stevep-arm/update-b506 into main

What does this MR do?

Based on !237 (closed) (since pipelines don't run on community forks) with the following changes:

  • Updated the rule with the latest changes in gitlab-org/security-products/sast-rules!140 (merged)
  • Updated the fixtures to specify the yaml.Loader positional arg.
  • Updated the expectations using Craig's script: !233 (merged)
  • Updated the raw passthrough fixture which was using the B506 rule as the custom rule, with the improved version of the rule.
  • Updated the changelog and fixed the ordering of the previous two entries.

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Edited by Lucas Charles
