
Commit a9a6cfb

Authored by starfolkai[bot], AbhiPrasad and claude
chore(deps): bump langchain-openai to 1.1.14 (SSRF advisory) (#421)
## Summary

- Bumps `langchain-openai` from `1.1.13` to `1.1.14` in the `test-langchain` dependency group to address an SSRF / DNS-rebinding advisory in `_url_to_size()` (used by the OpenAI image-token counter). The pre-1.1.14 code validated the URL and then performed a separate `httpx.get` with independent DNS resolution, opening a TOCTOU window. 1.1.14 replaces this with an SSRF-safe transport that pins the connection to the validated IP.
- Practical impact for callers of this SDK is limited (the response body is passed straight to Pillow and never surfaced), but the pin should still move forward.
- `py/uv.lock` refreshed via `uv lock`.

## Test plan

- [x] `uv lock --check` — clean
- [x] Langchain integration tests pass on `latest` with `langchain-openai==1.1.14`: `pytest src/braintrust/integrations/langchain/test_callbacks.py test_context.py test_anthropic.py` → 16 passed, 1 skipped (cassettes replay; no re-recording needed)
- [x] Verified the patched `_url_to_size` source uses `_get_ssrf_safe_client()` rather than the old validate-then-fetch pattern
- [ ] CI matrix: `test_langchain(latest)` and `test_langchain(0.3.28)`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Abhijeet Prasad <abhijeet@braintrustdata.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
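The validate-then-fetch race the commit message describes, as an added illustration (not code from langchain-openai or this repository): a constructed resolver that answers differently on consecutive lookups stands in for a rebinding DNS server, the hostname `img.rebind.example` and the addresses are placeholders, and no network is touched.

```python
import ipaddress
import itertools
from typing import Callable, Iterator

# Constructed stand-in for DNS under a rebinding attack: the first lookup of the
# (hypothetical) hostname yields a placeholder public address, the next one yields
# loopback. No real DNS or network is touched.
REBINDING_ANSWERS = {"img.rebind.example": ["1.2.3.4", "127.0.0.1"]}


def make_resolver(table: dict[str, list[str]]) -> Callable[[str], str]:
    """Return a resolver that hands out the constructed answers in order, cycling."""
    cursors: dict[str, Iterator[str]] = {h: itertools.cycle(a) for h, a in table.items()}
    return lambda host: next(cursors[host])


def is_allowed(ip: str) -> bool:
    """Reject loopback, private, link-local and other non-global destinations."""
    return ipaddress.ip_address(ip).is_global


def connect_validate_then_fetch(host: str, resolve: Callable[[str], str]) -> str:
    """Pre-1.1.14 shape: validate one lookup, then let the HTTP client resolve again.

    Returns the address the socket would actually connect to."""
    if not is_allowed(resolve(host)):     # check: first lookup
        raise ValueError("blocked by SSRF validation")
    return resolve(host)                  # use: the client's own, second lookup


def connect_pinned(host: str, resolve: Callable[[str], str]) -> str:
    """1.1.14 shape: resolve once, validate that address, connect to that same address
    (a real transport also sends the original hostname as Host/SNI, not shown here)."""
    ip = resolve(host)
    if not is_allowed(ip):
        raise ValueError("blocked by SSRF validation")
    return ip                             # the validated address is the one used


if __name__ == "__main__":
    host = "img.rebind.example"
    print("validate-then-fetch connects to:", connect_validate_then_fetch(host, make_resolver(REBINDING_ANSWERS)))
    print("pinned transport connects to:   ", connect_pinned(host, make_resolver(REBINDING_ANSWERS)))
```

With the rebinding answers, the validate-then-fetch path passes validation on the first answer and then connects to loopback on the client's second lookup, while the pinned path only ever connects to the address it validated.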
1 parent 5f309d1 commit a9a6cfb

2 files changed

Lines changed: 6 additions & 6 deletions


py/pyproject.toml

Lines changed: 1 addition & 1 deletion
@@ -152,7 +152,7 @@ test-pydantic-ai-logfire = [
152152

153153
test-langchain = [
154154
{include-group = "test"},
155-
"langchain-openai==1.1.13",
155+
"langchain-openai==1.1.14",
156156
"langchain-anthropic==1.4.0",
157157
"langgraph==1.1.6",
158158
]
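Review bot: the `langchain-openai==1.1.14` pin in this hunk lives only in the `test-langchain` dependency group, so it changes what CI tests against, not what users of the SDK install; the "the pin should still move forward" line in the message should state that scope plainly, and any runtime constraint on `langchain-openai` declared elsewhere in `py/pyproject.toml` should be checked separately. The test plan also still has the CI matrix item unchecked; `test_langchain(latest)` and `test_langchain(0.3.28)` should be green before this lands.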

py/uv.lock

Lines changed: 5 additions & 5 deletions
