fix: update pytest to resolve CVE-2025-71176

[dannyneira]

Summary

• Updates pytest from 9.0.2 to 9.0.3 for Python >=3.10 in uv.lock and requirements-dev.lock.
• Resolves direct development dependency alert CVE-2025-71176 / GHSA-6w46-j5rx-g56g for vulnerable tmpdir handling.
• No workarounds were applied; this is a direct lockfile update via uv lock --upgrade-package pytest and uv export -o requirements-dev.lock --no-hashes.

Vulnerability

• Advisory: GHSA-6w46-j5rx-g56g
• CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-71176
• Dependabot alert: https://github.com/warpdotdev/oz-sdk-python/security/dependabot/12
• Vulnerable range: < 9.0.3
• Patched version: 9.0.3
• Dependency relationship: direct development dependency

Verification

• uv pip check passed.
• uv build passed.
• ./scripts/lint passed after ./scripts/bootstrap synced optional extras.
• ./scripts/test passed across the configured Python/Pydantic matrix.
• uvx pip-audit -r requirements-dev.lock no longer reports pytest; it still reports unrelated existing alerts for idna and pygments.

Conversation: https://staging.warp.dev/conversation/7e33cb0c-8fe3-4bc3-afa9-45af1e6c5599
Run: https://oz.staging.warp.dev/runs/019e7ec3-8877-7357-802e-2403b45e5163
This PR was generated with Oz.