ci: use uv for test dependency setup

[nyxst4ck]

Summary

• install and cache uv across the Python CI jobs that install dependencies
• run lint, test, security, and build commands through uv while preserving the existing CI gates
• refresh uv.lock for patched idna, pygments, pytest, and starlette versions required by the security audit

Change type

• CI / dependency tooling

Validation

• actionlint .github/workflows/ci.yml
• uv sync --frozen --extra dev --python 3.11
• uv run ruff check --output-format=github .
• uv run ruff format --check .
• uv run pytest --cov=openmed --cov-report=xml --cov-report=term-missing (1604 passed, 22 skipped)
• uv run --with 'bandit[toml]' bandit -r openmed -f json -o bandit-report.json --exit-zero
• uv run --with 'bandit[toml]' bandit -r openmed --severity-level high --confidence-level medium
• uv run --with pip-audit --with 'requests>=2.33.0' --with 'urllib3>=2.7.0' python scripts/security/pip_audit_gate.py
• uv run --with build python -m build

Closes #4

[maziyarpanahi]

Thanks @nyxst4ck for putting this together.

I reviewed issue #4, the issue comment, the PR body, PR comments/reviews, branch state, and checks. The issue is broader than only the test matrix, so I added a maintainer follow-up commit to make the CI migration consistent enough to close the issue on merge.

What changed:

• extended setup-uv, uv sync, and uv run usage across lint, test, security, and build jobs in .github/workflows/ci.yml
• kept the existing CI gates intact: Ruff, pytest coverage, Bandit, pip-audit, and package build
• refreshed uv.lock for patched idna, pygments, pytest, and starlette versions so the stricter audit path passes
• updated the PR body with current validation and Closes #4

Validation run locally:

• actionlint .github/workflows/ci.yml
• uv sync --frozen --extra dev --python 3.11
• uv run ruff check --output-format=github .
• uv run ruff format --check .
• uv run pytest --cov=openmed --cov-report=xml --cov-report=term-missing (1604 passed, 22 skipped)
• uv run --with 'bandit[toml]' bandit -r openmed -f json -o bandit-report.json --exit-zero
• uv run --with 'bandit[toml]' bandit -r openmed --severity-level high --confidence-level medium
• uv run --with pip-audit --with 'requests>=2.33.0' --with 'urllib3>=2.7.0' python scripts/security/pip_audit_gate.py
• uv run --with build python -m build

Issue #4 has no labels right now, so there were no labels to copy onto the PR. The PR is currently clean and mergeable against master; GitHub has not attached checks to the new head SHA yet, and the previous failing CI run belonged to the old head commit.

[nyxst4ck]

Thanks for taking this over the finish line and broadening the CI migration across the remaining jobs. I reviewed your follow-up summary and the current PR state; nothing else needed from me at this point.