Fix: Secondary Security Vulnerabilities (#138) #139

Open: HarshavardhanVemali wants to merge 2 commits into fetchai:main from HarshavardhanVemali:fix/secondary-security-vulnerabilities

@HarshavardhanVemali commented May 25, 2026

Resolves #138.

This PR introduces fixes for the secondary security vulnerabilities reported:

  1. RCE via eval(): Validated input using strict regular expressions in calculator_tools.py and claude_function_agent.py to mitigate arbitrary code execution risks.
  2. Insecure Temp Directory: Replaced hardcoded /tmp with tempfile.gettempdir() in policy.py and tests.
  3. Protocol Injection: Replaced urllib.request.urlopen with the requests library in call.py and sheets.py to mitigate protocol injection risks.

Testing completed:

  • Syntax verified successfully across all modified Python files.
  • Bandit confirms that B307, B108, and B310 vulnerabilities are resolved in the respective files.

GSSoC Labels Requested:

  • level:advanced
  • type:bug
  • type:security
  • quality:clean
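
For the eval() item in the description above, an added example that is not code from this PR or from the fetchai repository: a character-allowlist regex on its own still accepts inputs such as `9**9**9`, so this version pairs an assumed allowlist pattern with an AST walk that never calls eval() and leaves exponentiation out. The names `ALLOWED`, `safe_calc` and `_walk`, and the pattern itself, are assumptions.

```python
import ast
import operator
import re

# Assumed allowlist: digits, whitespace, decimal point, parentheses, + - * / %
ALLOWED = re.compile(r"[0-9\s.+\-*/%()]{1,100}")

# Operators the evaluator applies; ast.Pow is deliberately absent so that
# expressions like 9**9**9 cannot be used to exhaust CPU or memory.
BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def safe_calc(expr: str) -> float:
    """Evaluate an arithmetic expression without calling eval()."""
    if not ALLOWED.fullmatch(expr):
        raise ValueError("expression contains disallowed characters")
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return _walk(tree.body)


def _walk(node: ast.AST) -> float:
    """Accept only numeric literals and the operators listed above."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_walk(node.operand))
    raise ValueError(f"unsupported syntax: {type(node).__name__}")


if __name__ == "__main__":
    # Constructed inputs; the last two pass the regex and are still refused.
    for sample in ["2 + 3 * (4 - 1)", "7 / 2", "9**9**9", "2 +"]:
        try:
            print(repr(sample), "->", safe_calc(sample))
        except ValueError as err:
            print(repr(sample), "rejected:", err)
```

Division by zero still raises ZeroDivisionError, which the caller should handle separately from the ValueError used for rejected input.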

@HarshavardhanVemali

Author

Hello Mentors / Maintainers! As per the GSSoC contribution guidelines, could you please review this PR and add the appropriate labels?

Suggested labels:

  • level:advanced
  • type:bug
  • type:security

Once reviewed, please also consider adding the gssoc:approved and mentor:username labels so the contribution counts towards GSSoC. Thank you!

@gautammanak1

Collaborator

Thanks for the contribution 🚀

The CI for this PR is currently failing. Please fix the following so we can move forward:

  • changelog-check — add an entry to contributors/CHANGELOG.md (community agents) or root CHANGELOG.md
  • format — run ruff format . and commit the result
  • lint — run ruff check . --fix and resolve remaining warnings
  • typecheck — fix the reported type errors
  • stargazer-gate — please ⭐ star this repository (the gate passes once you've starred)

Once the checks are green it'll be ready for maintainer review. Let me know if you need any help! 🙌

@github-actions bot added labels on Jun 16, 2026: gssoc26 (GirlScript Summer of Code 2026 contribution); level3 (GSSoC level 3 - advanced, highest points); level:advanced (GSSoC difficulty: advanced-level task)

@HarshavardhanVemali

Author

All CI pipeline issues have been resolved (formatting, linting, typechecking, and changelog updates). The repository has also been starred to pass the stargazer gate. This PR is ready for review!


Development

Successfully merging this pull request may close these issues.

High/Medium Severity Security Vulnerabilities (RCE via eval, Insecure Temp Dir)
