scm: disable embedded-ps and embedded-svg in -dsafe mode

This prevents executing privileged PostScript and exploiting Ghostscript vulnerabilities

Tested:

  $ lilypond -dsafe input/regression/les-nereides.ly

  (works, kinda)

  $ cat f.ly
  { c4_ \markup \postscript #" (x) show " }

  $ lilypond -dsafe f
  Preprocessing graphical objects.../home/hanwen/vc/lilypond/out/share/lilypond/current/scm/define-markup-commands.scm:1145:3: In procedure ly_make_stencil in expression (ly:make-stencil (list # #) (quote #) ...):
  /home/hanwen/vc/lilypond/out/share/lilypond/current/scm/define-markup-commands.scm:1145:3: Wrong type argument in position 1 (expecting registered stencil expression): (embedded-ps "