[Aikido] Fix security issue in urllib3 via minor version upgrade from 2.2.3 to 2.6.3 #15

Closed

aikido-autofix[bot] wants to merge 1 commit into master from fix/aikido-security-update-packages-16216070-fura

Conversation

@aikido-autofix

Upgrade urllib3 to address critical security vulnerabilities involving decompression bombs, resource exhaustion, and potential redirect-based attacks.

✅ Code not affected by breaking changes.

No breaking changes from the urllib3 upgrade affect this codebase.

The codebase does not directly depend on urllib3 (it's not listed in pyproject.toml dependencies), and my searches found no usage of:

  • HTTPResponse.getheaders() or HTTPResponse.getheader() methods
  • ContentDecoder custom implementations
  • Direct urllib3 imports or HTTPResponse object handling

Additionally, the project requires Python >=3.12 (as specified in pyproject.toml), so the removal of Python 3.8 support in urllib3 2.3.0 is not a concern.

While urllib3 may be a transitive dependency through packages like cookiecutter, this codebase does not directly interact with urllib3's API, making it immune to the breaking changes in version 2.6.3.

All breaking changes introduced by upgrading urllib3 from version 2.2.3 to 2.6.3 (CHANGELOG)

| Version | Description |
| --- | --- |
| 2.3.0 | Removed support for Python 3.8. |
| 2.6.0 | Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). |
| 2.6.0 | The number of allowed chained encodings is now limited to 5, which may cause previously working requests with more than 5 chained Content-Encoding values to fail. |
| 2.6.0 | Custom decompressors must be updated to respect the changed API of urllib3.response.ContentDecoder. |
✅ 5 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2025-66418 | HIGH | [urllib3] Decompression chain vulnerability allows attackers to cause excessive CPU and memory consumption by manipulating compression steps, potentially enabling a resource exhaustion denial-of-service (DoS) attack through maliciously crafted HTTP responses. |
| CVE-2025-66471 | HIGH | [urllib3] A vulnerability in the streaming API allows attackers to cause excessive resource consumption by sending highly compressed HTTP responses, potentially leading to DoS through CPU and memory exhaustion. |
| CVE-2026-21441 | HIGH | [urllib3] Streaming API vulnerability allows malicious servers to trigger excessive resource consumption via decompression bombs in redirect responses, potentially causing DoS when streaming content from untrusted sources with redirects enabled. |
| CVE-2025-50181 | MEDIUM | [urllib3] Redirect disabling vulnerability allows bypassing SSRF and open redirect protections. Attackers can manipulate redirect settings in PoolManager, potentially exposing applications to unintended request forwarding and security risks. |
| CVE-2025-50182 | MEDIUM | [urllib3] Redirect handling vulnerability in browser/Node.js environments allows uncontrolled redirects, potentially enabling attackers to manipulate HTTP request flows and bypass intended security controls through unexpected redirection behavior. |
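
Bounded decoding of a chained Content-Encoding body, as an added example that is not urllib3's code and not part of this PR. Using only the standard library, it shows the two controls the breaking-changes table and the decompression-bomb CVEs above describe: a cap on the number of chained encodings (5, matching the 2.6.0 limit) and a cap on how far a body may inflate while it is decoded in bounded steps, exercised against constructed sample bodies including a gzip bomb. The MAX_RATIO and CHUNK values, the function names and the sample payloads are assumptions made for this example, not values taken from urllib3.

```python
"""Bounded decoding of chained Content-Encoding bodies (stdlib only).

Added example, not urllib3's own code: it sketches a chain limit and an
inflation budget against constructed sample bodies, including a gzip bomb.
"""
import gzip
import zlib

MAX_CHAIN = 5            # mirrors the 2.6.0 limit of five chained encodings
MAX_RATIO = 100          # assumed policy: refuse bodies that inflate more than 100x
CHUNK = 64 * 1024        # assumed: max bytes produced per decompress() call

_WBITS = {
    "gzip": zlib.MAX_WBITS | 16,   # gzip wrapper
    "x-gzip": zlib.MAX_WBITS | 16,
    "deflate": zlib.MAX_WBITS,     # zlib-wrapped deflate; raw deflate is not handled here
}


class DecompressionBomb(Exception):
    """Raised when a body exceeds the chain or inflation limits."""


def parse_encodings(content_encoding: str) -> list[str]:
    """Split a Content-Encoding value into lowercase tokens, dropping 'identity'."""
    tokens = [t.strip().lower() for t in content_encoding.split(",")]
    return [t for t in tokens if t and t != "identity"]


def inflate_bounded(data: bytes, wbits: int, limit: int) -> bytes:
    """Inflate one layer, at most CHUNK bytes per call, aborting once output passes `limit`."""
    d = zlib.decompressobj(wbits)
    out = bytearray()
    pending = data
    while pending:
        out += d.decompress(pending, CHUNK)   # unprocessed input is kept in unconsumed_tail
        if len(out) > limit:
            raise DecompressionBomb(f"output exceeded {limit} bytes before input was exhausted")
        pending = d.unconsumed_tail
    out += d.flush()
    if len(out) > limit:
        raise DecompressionBomb(f"output exceeded {limit} bytes")
    if not d.eof:
        raise ValueError("truncated compressed stream")
    return bytes(out)


def decode_bounded(body: bytes, content_encoding: str,
                   max_chain: int = MAX_CHAIN, max_ratio: int = MAX_RATIO) -> bytes:
    """Decode a body through its Content-Encoding chain under chain and ratio limits."""
    encodings = parse_encodings(content_encoding)
    if len(encodings) > max_chain:
        raise DecompressionBomb(f"{len(encodings)} chained encodings exceeds limit {max_chain}")
    budget = max_ratio * len(body)    # total output allowed relative to the wire size
    data = body
    for enc in reversed(encodings):   # the header lists encodings in the order applied
        if enc not in _WBITS:
            raise ValueError(f"unsupported Content-Encoding: {enc}")
        data = inflate_bounded(data, _WBITS[enc], budget)
    return data


def build_sample(payload: bytes, layers: int) -> tuple[bytes, str]:
    """Constructed sample: gzip `payload` `layers` times; return (body, Content-Encoding)."""
    body = payload
    for _ in range(layers):
        body = gzip.compress(body)
    return body, ", ".join(["gzip"] * layers)


# Constructed sample inputs: a JSON-ish body and a 4 MiB zero-filled bomb.
LEGIT_PAYLOAD = "".join(f'{{"id":{i},"name":"user{i}"}}\n' for i in range(2000)).encode()
BOMB_PAYLOAD = b"\x00" * (4 * 1024 * 1024)


def demo() -> dict[str, str]:
    """Run three cases: a legitimate two-layer body, a one-layer bomb, a six-layer chain."""
    results = {}
    body, enc = build_sample(LEGIT_PAYLOAD, 2)
    results["legit_two_layers"] = "ok" if decode_bounded(body, enc) == LEGIT_PAYLOAD else "mismatch"
    body, enc = build_sample(BOMB_PAYLOAD, 1)
    try:
        decode_bounded(body, enc)
        results["bomb"] = "decoded"
    except DecompressionBomb:
        results["bomb"] = "rejected"
    body, enc = build_sample(LEGIT_PAYLOAD, 6)
    try:
        decode_bounded(body, enc)
        results["six_layers"] = "decoded"
    except DecompressionBomb:
        results["six_layers"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The ratio policy is the part to tune: legitimate text bodies usually inflate well under 100x, while a zero-filled gzip body approaches DEFLATE's limit of roughly 1000x, so the budget trips after a few 64 KiB steps instead of after the whole 4 MiB has been materialised. The six-layer case is refused before any decoding starts, which is the cheaper check and the one the 2.6.0 chain limit corresponds to.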

@aikido-autofix aikido-autofix Bot closed this Mar 27, 2026
@aikido-autofix aikido-autofix Bot deleted the fix/aikido-security-update-packages-16216070-fura branch March 27, 2026 00:54