fix(spanner_dbapi): replace insecure pickle with json for partition deserialization

[sinhasubham]

This PR resolves a critical Insecure Deserialization vulnerability (potential Remote Code Execution) in the spanner_dbapi module b/510871112 . Previously, the module utilized pickle.loads() to decode partition IDs provided by users via the RUN PARTITION statement, creating a possibility for arbitrary code execution attack payloads.
We have fully eliminated pickle usage in this module and migrated to standard json serialization.

[gemini-code-assist]

Code Review

This pull request replaces the use of pickle with json for serializing and deserializing partition IDs to mitigate security risks associated with insecure deserialization. It introduces _serialize_value and _deserialize_value helper functions to handle specific types like bytes, datetime, and protobuf messages. Review feedback points out that MessageToDict defaults to camelCase, which could break compatibility with code expecting snake_case, and suggests using preserving_proto_field_name=True. Additionally, the reviewer noted that protobuf messages are currently deserialized as dictionaries rather than original message objects, which may lead to issues with nested field types.