remove CVEs (#8092)

This PR aims to move all code with CVEs into `langchain.experimental`.
Note that we are NOT yet removing from the core `langchain` package - we
will give people a week to migrate here.

See MIGRATE.md for how to migrate

Zero changes to functionality

Vulnerabilities this addresses:

PALChain:
- https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAIN-5752409
- https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAIN-5759265

SQLDatabaseChain
- https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAIN-5759268

`load_prompt` (Python files only)
- https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAIN-5725807

libs/langchain/langchain/chains/pal/__init__.py

@@ -1,4 +1,6 @@
 """Implements Program-Aided Language Models.
 
 As in https://arxiv.org/pdf/2211.10435.pdf.
+
+TODO: deprecate
 """

libs/langchain/langchain/chains/sql_database/base.py

@@ -19,6 +19,7 @@ from langchain.utilities.sql_database import SQLDatabase
 INTERMEDIATE_STEPS_KEY = "intermediate_steps"
 
 
+# TODO: deprecate
 class SQLDatabaseChain(Chain):
     """Chain for interacting with SQL Database.
 

libs/langchain/langchain/prompts/loading.py

@@ -140,6 +140,7 @@ def _load_prompt_from_file(file: Union[str, Path]) -> BasePromptTemplate:
     elif file_path.suffix == ".yaml":
         with open(file_path, "r") as f:
             config = yaml.safe_load(f)
+    # TODO: deprecate this
     elif file_path.suffix == ".py":
         spec = importlib.util.spec_from_loader(
             "prompt", loader=None, origin=str(file_path)