Use defusedxml for xml parsing, only parse one in proj creation

[spwoodcock]

What type of PR is this? (check all applicable)

• 🍕 Feature
• 🐛 Bug Fix
• 📝 Documentation Update
• 🎨 Style
• 🧑‍💻 Code Refactor
• 🔥 Performance Improvements
• ✅ Test
• 🤖 Build
• 🔁 CI
• 📦 Chore (Release)
• ⏩ Revert

Describe this PR

• We were parsing XML directly from the user previously.
• This opens up FMTM to a whole host of exploits and is bad security.
• Using the defusedxml package is a drop in replacement for Python standard lib xml.
• It removes potential security threats.
• I also refactored to make the XForm parsing logic more modular.
• We now only parse the XLSForm once during project creation, then pass through the data to the task creation.
• This should hopefully prevent issues of filesystem conflicts between API replicas etc.

Affects the form validity check during project creation, and the file form parsing in generate-project-files.

Checklist before requesting a review

• 📖 Read the FMTM Contributing Guide: https://github.com/hotosm/fmtm/blob/main/CONTRIBUTING.md
• 📖 Read the FMTM Code of Conduct: https://github.com/hotosm/fmtm/blob/main/CODE_OF_CONDUCT.md
• 👷‍♀️ Create small PRs. In most cases, this will be possible.
• ✅ Provide tests for your changes.
• 📝 Use descriptive commit messages.
• 📗 Update any related documentation and include any relevant screenshots.

[optional] What gif best describes this PR or how it makes you feel?