Bump vulnerable deps flagged by Dependabot

* lxml 6.0.2 -> 6.1.0 (XXE in iterparse/ETCompatXMLParser defaults, GHSA high)
* authlib 1.6.9 -> 1.7.0 (CSRF when using cache)
* cryptography 46.0.6 -> 46.0.7 (buffer overflow on non-contiguous buffers)
* pytest 9.0.2 -> 9.0.3 (tmpdir handling)
* pygments 2.19.2 -> 2.20.0 (ReDoS in GUID regex) — relaxed docs-group pin from <2.20

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: rustyconover

pyproject.toml

@@ -173,7 +173,7 @@ docs = [
     "mkdocstrings[python]>=0.27",
     "mkdocs-section-index>=0.3",
     "mkdocs-d2-plugin>=1.4",
-    "pygments>=2.19,<2.20",
+    "pygments>=2.20",
 ]
 dev = [
     "aioresponses>=0.7",