Security: Update dependencies to fix CVE vulnerabilities (#554)

* Security: Update dependencies to fix CVE vulnerabilities

- Update fastapi[standard] to >=0.116.0
- Update sentry-sdk[fastapi] to >=2.20.0 (major version upgrade)
- Migrate dev-dependencies from deprecated [tool.uv] to [dependency-groups]

CVEs addressed:
- CVE-2025-66418, CVE-2025-66471, CVE-2026-21441 (urllib3)
- CVE-2025-69223 to CVE-2025-69230 (aiohttp)
- CVE-2025-54121, CVE-2025-62727 (starlette)
- CVE-2025-66221, CVE-2026-21860 (werkzeug)
- CVE-2025-68146, CVE-2026-22701 (filelock)

Verified with pip-audit: 0 vulnerabilities found.

* Security: Fix python-multipart CVE path traversal vulnerability

* Update python-multipart minimum version to 0.0.22 to address path traversal vulnerability in file uploads. Also reverted to tool.uv.dev-dependencies format to fix CI test execution issues.

Author: vprashrex

backend/pyproject.toml

@@ -4,8 +4,8 @@ version = "0.1.0"
 description = ""
 requires-python = ">=3.12,<4.0"
 dependencies = [
-    "fastapi[standard]<1.0.0,>=0.114.2",
-    "python-multipart<1.0.0,>=0.0.7",
+    "fastapi[standard]>=0.116.0",
+    "python-multipart>=0.0.22,<1.0.0",
     "email-validator<3.0.0.0,>=2.1.0.post1",
     "passlib[bcrypt]<2.0.0,>=1.7.4",
     "tenacity<9.0.0,>=8.2.3",
@@ -19,7 +19,7 @@ dependencies = [
     # Pin bcrypt until passlib supports the latest
     "bcrypt==4.0.1",
     "pydantic-settings<3.0.0,>=2.2.1",
-    "sentry-sdk[fastapi]<2.0.0,>=1.40.6",
+    "sentry-sdk[fastapi]>=2.20.0",
     "pyjwt<3.0.0,>=2.8.0",
     "boto3>=1.37.20",
     "moto[s3]>=5.1.1",