CVE-2025-54886: SKOPS Card.get_model happily allows arbitrary code execution

When using Card.get_model, skops allows for arbitrary code execution. This is due to the fact that Card.get_model allows both joblib and skops to be used for loading models, and as is well known, joblib allows for arbitrary code execution when loading objects. I do not know if this is intended or not, but I found this really concerning for a library that is founded on security. Even if intended, I kindly ask you to consider the security implications of this, disclose the potential implications through an advisory, and change the behavior of the function in future library versions (see below for possible fixes).