build(deps): batch dependabot dependency updates

[timsaucer]

Which issue does this PR close?

N/A — this batches the remaining open Dependabot PRs (#1565, #1590, #1591, #1592, #1593) into one so they can be reviewed and merged together, as a follow-up to #1589.

Rationale for this change

Several Dependabot PRs remained open after #1589, including new security updates. Combining them into a single PR lets the updates land together with one CI run instead of repeatedly invalidating lockfiles.

What changes are included in this PR?

Cargo (Cargo.lock):

• uuid 1.23.2 -> 1.23.3 (build(deps): bump uuid from 1.23.2 to 1.23.3 #1565)

Python (uv.lock):

• filelock 3.18.0 -> 3.20.3 (build(deps): bump filelock from 3.18.0 to 3.20.3 #1590)
• virtualenv 20.31.2 -> 20.36.1 (build(deps): bump virtualenv from 20.31.2 to 20.36.1 #1591)
• jinja2 3.1.5 -> 3.1.6 (build(deps-dev): bump jinja2 from 3.1.5 to 3.1.6 #1592, security)
• setuptools 75.8.0 -> 78.1.1 (build(deps-dev): bump setuptools from 75.8.0 to 78.1.1 #1593, security)

Are there any user-facing changes?

No public API changes. These are build and dev/test dependency updates only, including security fixes for jinja2 and setuptools.

[ntjohnson1]

Nothing here looks terribly controversial.

However, it would be nice to update the dependabot config to avoid updating for ~7 days from release with all the breakages and security vulnerabilities that have been popping up lately. That makes it even easier to rubber stamp the updates