Prepare Python SDK v2 runtime refresh #56

Open
kvz wants to merge 1 commit into main from py310-v2

kvz commented May 20, 2026

Why

The current Python 3.9 runtime floor forces this SDK to keep vulnerable locked dependency versions around, including the requests/urllib3 HTTP stack and the pytest/filelock test toolchain. Python 3.9 is EOL, and several documentation/tooling lines have also moved past the older floors, so this is a good reason to make the next release a focused major instead of continuing to carry vulnerable compatibility state.

What changed

  • Bumped the package to 2.0.0 and raised the supported runtime floor from Python 3.9+ to Python 3.12+.
  • Required patched HTTP stack floors: requests >=2.33,<3 and urllib3 >=2.7,<3.
  • Refreshed the lockfile so it resolves to requests 2.34.2, urllib3 2.7.0, pytest 9.0.3, filelock 3.29.0, Sphinx 9.1.0, and sphinx-autobuild 2025.8.25 without old-runtime duplicate/backport entries.
  • Updated the CI/local matrix to Python 3.12, 3.13, and 3.14, with coverage/E2E parity on 3.14.
  • Upgraded CI actions and local tooling: Poetry 2.4.1, Node.js 24, Codecov v6, upload-artifact v7, setup-* v6, checkout v6, and CodeQL v4.
  • Migrated package metadata to modern [project] metadata so poetry check is clean on Poetry 2.
  • Updated README, Sphinx docs, release instructions, changelog, Docker helper defaults, and tox config.
  • Fixed the Docker helper to avoid creating a Linux .venv in the host checkout and to avoid forcing linux/amd64 on Apple Silicon unless DOCKER_PLATFORM is explicitly set.

Security alerts covered

  • urllib3 high alert #104: fixed by urllib3 2.7.0.
  • urllib3 high alert #103: fixed by urllib3 2.7.0.
  • pytest medium alert #102: fixed by pytest 9.0.3.
  • requests medium alert #87: fixed by requests 2.34.2.
  • filelock medium alert #81: fixed by filelock 3.29.0.
  • filelock medium alert #68: fixed by filelock 3.29.0.

Not bundled

  • Asyncio support from Add Asyncio support #9 is valuable, but it is a separate API design task and should not block this security/runtime major.

Verification

  • poetry check
  • poetry install
  • poetry run pytest tests
  • poetry run sphinx-build -E -b html docs/source docs/_build/html
  • poetry run tox -e py314
  • poetry build
  • bash -n scripts/test-in-docker.sh scripts/notify-registry.sh
  • git diff --check
  • ./scripts/test-in-docker.sh --python 3.12
  • ./scripts/test-in-docker.sh --python 3.14
  • GitHub CI: green on Ubuntu/Windows for Python 3.12, 3.13, 3.14, plus python-e2e.

kvz self-assigned this May 20, 2026
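
An added example, not part of the PR or the project's code: a CI guard that scans a poetry.lock for entries outside the patched ranges listed in the description above, including duplicate per-runtime entries of the same package. The lockfile fragments are constructed, the names `ALLOWED`, `check_lock` and `entry` are hypothetical, and treating the pytest and filelock "fixed by" versions as minimums is an assumption.

```python
import re

# Ranges for requests/urllib3 are the ones declared in this PR. For pytest and
# filelock the "fixed by" versions are used as minimums (an assumption).
ALLOWED = {
    "requests": ((2, 33, 0), (3, 0, 0)),
    "urllib3": ((2, 7, 0), (3, 0, 0)),
    "pytest": ((9, 0, 3), None),
    "filelock": ((3, 29, 0), None),
}

# poetry.lock stores each package as a [[package]] table that starts with name/version.
PACKAGE_RE = re.compile(
    r'^\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"', re.MULTILINE
)

def parse_version(text):
    """'2.7' -> (2, 7, 0). Only the leading numeric release segment is compared."""
    numbers = [int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split(".")]
    return tuple(numbers + [0] * (3 - len(numbers)))

def check_lock(lock_text):
    """Return (name, version) for every locked entry outside its allowed range."""
    violations = []
    # Every entry is checked: a lockfile can hold several entries per package.
    for name, version in PACKAGE_RE.findall(lock_text):
        bounds = ALLOWED.get(name.lower())
        if bounds is None:
            continue
        low, high = bounds
        parsed = parse_version(version)
        if parsed < low or (high is not None and parsed >= high):
            violations.append((name.lower(), version))
    return violations

# Constructed sample lockfile fragments (not the project's real poetry.lock).
def entry(name, version):
    return f'[[package]]\nname = "{name}"\nversion = "{version}"\n\n'

REFRESHED = (entry("filelock", "3.29.0") + entry("pytest", "9.0.3")
             + entry("requests", "2.34.2") + entry("urllib3", "2.7.0"))
STALE = entry("requests", "2.34.2") + entry("urllib3", "1.26.20") + entry("urllib3", "2.7.0")

if __name__ == "__main__":
    for label, text in (("refreshed", REFRESHED), ("stale", STALE)):
        print(label, check_lock(text) or "ok")
```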

codecov-commenter commented May 20, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.60%. Comparing base (5b3fb00) to head (89a52c3).

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #56   +/-   ##
=======================================
  Coverage   86.60%   86.60%           
=======================================
  Files           7        7           
  Lines         209      209           
  Branches       19       19           
=======================================
  Hits          181      181           
  Misses         28       28           
Flag Coverage Δ
unittests 86.60% <100.00%> (ø)
