CORE-780: pin urllib3>=2.7.0 for Dependabot high alerts (#2229)

Adds an explicit `urllib3>=2.7.0,<3.0.0` constraint to pyproject.toml
to address two open Dependabot high-severity alerts. urllib3 is a
transitive dep (via `requests` and `boto3`), and without a lock file
this constraint is the canonical way to ensure consumers install the
fixed version.

CVEs addressed:
- GHSA-mf9v-mfxr-j63j: Decompression-bomb safeguards bypassed in
  parts of the streaming API (vulnerable >=2.6.0,<2.7.0)
- urllib3: Sensitive headers forwarded across origins in proxied
  low-level redirects (vulnerable >=1.23,<2.7.0)

[run-e2e]

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

Author: NoyaArie

pyproject.toml

@@ -27,6 +27,7 @@ python = ">=3.10,<3.14"
 click = ">=7.0,<9.0"
 dbt-core = ">=1.8,<2.0.0"
 requests = ">=2.28.1,<3.0.0"
+urllib3 = ">=2.7.0,<3.0.0"
 beautifulsoup4 = "<5.0.0"
 ratelimit = "*"
 posthog = "<3.0.0"