[Security] Add requirements lockfile for CI reproducibility

Adds requirements.in (extracted from setup.cfg install_requires + extras)
and a compiled requirements.txt with pinned versions and hashes,
generated by uv pip compile. This does not change the published
dependency ranges in setup.cfg — it only provides a lockfile for
deterministic CI builds and supply-chain auditability.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: SeanMeyer

requirements.in

@@ -0,0 +1,16 @@
+aiosonic>=0.24.0
+certifi
+ddtrace>=1.15.0
+glom
+jinja2
+mypy
+pytest-asyncio
+pytest-bdd==6.0.1
+pytest-randomly
+pytest-recording
+pytest<8.0.0
+python-dateutil
+types-python-dateutil
+typing-extensions>=4.0.0
+urllib3>=1.15
+zstandard