Use JSON instead of pickle to avoid code injection

[emanuelb]

The settings loading use pickle.load method
https://github.com/firstlookmedia/autocanary/blob/master/autocanary/settings.py#L61

which from the documentation:
https://docs.python.org/3/library/pickle.html

The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.

more information about how it can be exploited:
https://lincolnloop.com/blog/playing-pickle-security/

thus it will be better to use JSON instead for storing and loading the settings (to avoid the code injection security issue)