Use toolforge.load_private_yaml

And unpin the Toolforge dependency. The ~= 4.2 constraint dates back
to dffd1369fc, where I presumably just wanted to ensure that *at least*
this version was installed, but didn’t yet understand that semver
version ranges are not a good idea in Python and >= is preferable.

Note that we still need to include PyYAML in our requirements – the
toolforge library makes load_private_yaml available iff the yaml module
is available, but doesn’t depend on the library itself (it’s an optional
dependency).