fix(deps): upgrade agents group dependencies to resolve security vulnerability

[rezabekf]

Issue number: Resolves Dependabot alert #23

Summary

Changes

Upgrade all agents dependency group packages to their latest versions, addressing a Dependabot security alert and keeping dependencies current:

Package	Previous	Updated
strands-agents-tools	>=0.2.11 (locked 0.2.19)	>=0.2.21 (security fix)
strands-agents	>=1.12.0 (locked 1.23.0)	>=1.27.0
bedrock-agentcore	>=1.0.7 (locked 1.2.0)	>=1.3.2
aws-opentelemetry-distro	>=0.12.1 (locked 0.14.2)	>=0.15.0

Notable transitive upgrades pulled in by aws-opentelemetry-distro:

• OpenTelemetry SDK/API 1.33 → 1.39
• protobuf 5.x → 6.x (includes CVE-2026-0994 fix)
• urllib3 security fixes (CVE-2025-66471, CVE-2026-21441)

Each dependency was upgraded individually and verified with the full test suite (139 unit tests) plus the report agent eval to confirm no regressions.

User experience

No user-facing changes. The agent behavior, tool usage, and report output remain identical. Under the hood, users benefit from:

• Resolution of the Dependabot security alert for strands-agents-tools
• Patched protobuf and urllib3 CVEs via the OTel upgrade
• Potentially improved trace sampling accuracy from OTel's adaptive sampling support and AlwaysRecordSampler fix

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.