fix(deps): upgrade aiohttp to 3.13.5 to fix security vulnerabilities

Addresses:
- GHSA-w2fm-2cpv-w7v5: unlimited trailer headers (moderate)
- GHSA-p998-jp59-783m: UNC SSRF/NTLMv2 credential theft (moderate)
- GHSA-m5qp-6w8w-w647: multipart header size bypass (moderate)
- GHSA-c427-h43c-vf67: duplicate Host headers (moderate)
- GHSA-hcc4-c3v8-rx92: DoS via unbounded DNS cache (low)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: gkorland