fix: restore security dep versions reverted by feat/conductor-clients-alias

The feat/conductor-clients-alias PR accidentally reverted security fixes
from fix/security-dependency-bumps: python >=3.9 (should be >=3.10),
requests >=2.31.0 (should be >=2.33.0), pytest ^8.4.1 (should be ^9.0.3),
and removed pygments >=2.20.0. This left filelock>=3.20.3 (Python >=3.10
only) in dev deps while the Python floor was 3.9, breaking poetry lock
and the Harness Worker Image build.

Restores all four security settings and regenerates poetry.lock.

Author: nthmost-orkes

poetry.lock

@@ -23,11 +23,11 @@ classifiers = [
 ]
 
 [tool.poetry.dependencies]
-python = ">=3.9"
+python = ">=3.10"
 certifi = ">=14.05.14"
 prometheus-client = ">=0.13.1"
 six = ">=1.10"
-requests = ">=2.31.0"
+requests = ">=2.33.0"
 typing-extensions = ">=4.2.0"
 astor = ">=0.8.1"
 shortuuid = ">=1.0.11"
@@ -45,12 +45,13 @@ pytest-cov = ">=4.1.0"
 ruff = "^0.12.0"
 pre-commit = "^4.2.0"
 setuptools = "^80.9.0"
-pytest = "^8.4.1"
+pytest = "^9.0.3"
+pygments = ">=2.20.0"
 filelock = ">=3.20.3"
 virtualenv = ">=20.36.1"
 
 [tool.ruff]
-target-version = "py39"
+target-version = "py310"
 line-length = 100
 src = ["src"]
 extend-exclude = [