fix(deps): pin minimum safe versions in requirements.txt to fix Snyk dashboard alerts

Snyk platform was resolving unpinned deps to old vulnerable versions.
All minimum versions match current production installs (from requirements-lock.txt).
Key security fixes reflected:
- PyJWT>=2.13.0 (fixes CWE-287 Improper Authentication, CWE-326, CWE-347)
- python-multipart>=0.0.32 (fixes CWE-22 Directory Traversal, CWE-770)
- fastapi>=0.136.3 (fixes CWE-1333 ReDoS)
- requests>=2.34.2 (fixes CWE-201, CWE-377, CWE-670)
- lxml>=6.1.1 (fixes CWE-611 XXE Injection)

backend/requirements.txt

@@ -1,30 +1,31 @@
-fastapi
+fastapi>=0.136.3
-uvicorn[standard]
+uvicorn[standard]>=0.49.0
-sqlalchemy
+sqlalchemy>=2.0.50
-psycopg2-binary
+psycopg2-binary>=2.9.12
-alembic
+alembic>=1.18.4
-PyJWT
+PyJWT>=2.13.0
-passlib[bcrypt]
+passlib[bcrypt]>=1.7.4
 bcrypt==4.0.1
-boto3
+boto3>=1.43.0
-apscheduler
+apscheduler>=3.11.0
-requests
+requests>=2.34.2
-pyyaml
+pyyaml>=6.0.3
-toml
+toml>=0.10.2
-taxii2-client
+taxii2-client>=2.3.0
-python-multipart
+python-multipart>=0.0.32
-pydantic-settings
+pydantic-settings>=2.14.0
-slowapi
+slowapi>=0.1.9
-defusedxml
+defusedxml>=0.7.1
-redis>=5.0.0
+redis>=8.0.0
-atlassian-python-api>=4.0.0
+atlassian-python-api>=4.0.7
-tempo-api-python-client>=0.8.0
+tempo-api-python-client>=0.12.0
-weasyprint>=62.0
+weasyprint>=69.0
-docxtpl>=0.18.0
+docxtpl>=0.20.2
-python3-saml>=1.15.0
+python3-saml>=1.16.0
+lxml>=6.1.1
 
 # Testing
 pytest
 pytest-asyncio
-httpx
+httpx>=0.28.0
 fakeredis>=2.23.0