Commit 0f0c1ce
chore(deps): upgrade locks for deprecated integration packages (#398)
## Summary
- Run `uv lock --upgrade` on `integrations/adk-py/uv.lock` and
`integrations/langchain-py/uv.lock`.
- Both packages are deprecated (`Development Status :: 7 - Inactive`,
READMEs direct users to install `braintrust` instead) but their
lockfiles still surface Dependabot alerts.
- Pulls upstream security fixes; closes ~43 of the open alerts in one
shot.
### adk-py — all 27 alerts close
Notable bumps past CVE fix versions:
- `google-adk` 1.27.0 → **1.32.0** (critical RCE, GHSA-rg7c-g689-fr3x)
- `authlib` 1.6.5 → **1.7.2** (closes 5 alerts incl. `alg:none` bypass
and JWE Bleichenbacher)
- `cryptography` 46.0.1 → **48.0.0**
- `urllib3` 1.26.20 → **2.6.3**
- `mcp` 1.20.0 → **1.27.0** (DNS rebinding)
- `gitpython`, `pyasn1`, `python-multipart`, `pyjwt`, `protobuf`,
`sqlparse`, `pygments`, `python-dotenv`, `pytest` all bumped past their
fix versions.
### langchain-py — ~16 of 23 alerts close
Cleared: `cryptography`, `gitpython`, `urllib3`, `requests`, `orjson`,
`pygments`, `pytest`, `filelock`, `virtualenv`, `langsmith`,
`python-dotenv`, plus the aiohttp/cryptography clusters.
Will **not** clear without further work: `langchain-core`, `langgraph`,
`langgraph-checkpoint`, `langchain-text-splitters`, `langchain-openai` —
fixes are all gated on the LangChain 1.x major bump, but
`pyproject.toml` pins `langchain>=0.3.27` and the resolution stays in
0.3.x. Recommend dismissing those as "won't fix, deprecated package" or
deleting the lockfile entirely as a follow-up.
## Test plan
- [ ] CI passes (lockfile-only change; no source edits).
- [ ] Confirm Dependabot rescans and closes the expected alerts after
merge.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Abhijeet Prasad <abhijeet@braintrustdata.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
1 parent 3d75833 commit 0f0c1ce
2 files changed
Lines changed: 3543 additions & 2557 deletions