Security hardening and cleanup from full code review

- Remove pickle deserialization support (RCE vector)
- Validate message_type before formatting into schema registry URI
- Remove env var dump from Sentry exception reports
- Enforce TLS cert verification for non-default SSL protocols
- Fix stop_consumer not awaiting async shutdown() coroutine
- Fix reject() RuntimeError when no_ack=True during shutdown
- Fix STATE_PROCESSING collision with STATE_ACTIVE (0x04 -> 0x09)
- Fix GarbageCollectorMixin not reading settings from positional args
- Add UV_CONFIG_FILE=/dev/null to CI workflow
- Remove S301 ruff suppression (no longer needed without pickle)
- Delete stale files: .travis.yml, .codeclimate.yml, README.rst,
  requires/, init.d/
- Fix redundant import in tests/mocks.py

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: gmr

.codeclimate.yml

@@ -27,18 +27,24 @@ jobs:
 
       - name: Install dependencies
         run: uv sync --all-groups
+        env:
+          UV_CONFIG_FILE: /dev/null
 
       - name: Create build directory
         run: mkdir -p build
 
       - name: Lint Check
         run: uv run pre-commit run --all-files
+        env:
+          UV_CONFIG_FILE: /dev/null
 
       - name: Run tests
         run: |
           uv run coverage run
           uv run coverage report
           uv run coverage xml
+        env:
+          UV_CONFIG_FILE: /dev/null
 
       - name: Upload Coverage
         uses: codecov/codecov-action@v5

.github/workflows/testing.yaml

@@ -130,7 +130,7 @@ isort = { split-on-trailing-comma = false }
 max-complexity = 15
 
 [tool.ruff.lint.per-file-ignores]
-"*.py" = ["S101", "S301"]
+"*.py" = ["S101"]
 "rejected/consumer.py" = ["B904", "BLE001", "C901", "S506"]
 "rejected/process.py" = ["C901"]
 "examples.py" = ["S311"]