fix(api): bump cryptography to 46.0.7 in api/poetry.lock (follow-up to #10978) #10979

Closed
HugoPBrito wants to merge 1 commit into fix/sdk-cves-cryptography-trivy from fix/api-cryptography-46.0.7-followup

Conversation

@HugoPBrito

Member

Context

Stacked follow-up to #10978 (`fix: patch CVE-2026-39892 and CVE-2026-33186 across SDK, API and MCP images`). It closes the remaining piece of CVE-2026-39892 in the API container image: bumping the transitive `cryptography` pin in `api/poetry.lock` from `46.0.6` to `46.0.7`.

This had to be split because `api/pyproject.toml` resolves the `prowler` SDK from `git+https://github.com/prowler-cloud/prowler.git@master`. Until #10978 merges, master keeps `cryptography==46.0.6` and Poetry refuses to lock `46.0.7` in api/ (constraint conflict). After #10978 merges, `poetry lock` in `api/` resolves `46.0.7` cleanly via the new `prowler@master` pin — no other change required.

Description (planned, after #10978 merge)

  • `cd api && poetry lock`
  • Push the regenerated `api/poetry.lock` (cryptography `46.0.6` → `46.0.7` plus any transitive shifts)
  • Mark this PR ready for review

The `api/CHANGELOG.md` entry under `### 🔐 Security` of the `1.27.0` UNRELEASED block is already in place from this PR's first commit.

Steps to review (after lock regen)

  1. `git diff master -- api/poetry.lock api/CHANGELOG.md`
  2. `grep -A1 '^name = "cryptography"' api/poetry.lock` → `46.0.7`
  3. Build the API image and verify: `docker build -f api/Dockerfile -t prowler-api-cve api && docker run --rm prowler-api-cve python -c "import cryptography; print(cryptography.__version__)"` → `46.0.7`

Why a stacked PR

Per the "linear progression" requested by the security review: keeping the api/ lock change in its own PR makes it explicit that:

  1. SDK + Trivy + MCP fixes (fix: patch CVE-2026-39892 and CVE-2026-33186 across SDK, API and MCP images #10978) merge first.
  2. The api/ cryptography pin then auto-resolves via the SDK's new pin and is recorded in this PR's `api/poetry.lock`.

GitHub will retarget this PR's base from `fix/sdk-cves-cryptography-trivy` to `master` automatically once #10978 merges.

Checklist

Community Checklist
  • This feature/issue is listed in here or roadmap.prowler.com
  • Is it assigned to me
  • Are there new checks included in this PR? No
  • Review if the code is being covered by tests.
  • Review if backport is needed.
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • Endpoint response output (if applicable) — N/A, lockfile-only change
  • Verify if API specs need to be regenerated. — Not needed
  • Ensure new entries are added to api/CHANGELOG.md

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@HugoPBrito force-pushed the fix/api-cryptography-46.0.7-followup branch from ef5dfb3 to 85f28b5 on May 4, 2026 14:08
@HugoPBrito changed the base branch from fix/sdk-cves-cryptography-trivy to master on May 4, 2026 14:12
@HugoPBrito changed the base branch from master to fix/sdk-cves-cryptography-trivy on May 4, 2026 14:13

- Patch out-of-bounds read on non-contiguous buffers in Hash.update
  et al. in the API image transitively via the prowler SDK pin
- Lockfile regen deferred to a follow-up commit on this branch after
  #10978 lands on master (api/pyproject.toml resolves prowler from
  git@master, blocking the lock until then)
@HugoPBrito force-pushed the fix/api-cryptography-46.0.7-followup branch from 85f28b5 to eb0b126 on May 4, 2026 14:22
@HugoPBrito

Member Author

Superseded by #10978: the api/poetry.lock cryptography bump (CVE-2026-39892) is now included directly in #10978 via a temporary prowler git ref pin, so this stacked follow-up is no longer needed.
