fix(security): use YAML core schema to prevent type coercion (#20857)

YAML 1.1 default schema silently coerces values like "on" to true and
"off" to false, which can cause unexpected behavior in frontmatter
parsing. Explicitly set schema: "core" to use YAML 1.2 rules that
only recognize true/false/null literals.

src/markdown/frontmatter.ts

@@ -34,7 +34,7 @@ function coerceFrontmatterValue(value: unknown): string | undefined {
 
 function parseYamlFrontmatter(block: string): ParsedFrontmatter | null {
   try {
-    const parsed = YAML.parse(block) as unknown;
+    const parsed = YAML.parse(block, { schema: "core" }) as unknown;
     if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
       return null;
     }