
Migrate to uv, fix Dependabot vulnerabilities, upgrade deps#176

Merged
dimoschi merged 10 commits into main from security/dependabot-vulnerability-fixes on Apr 15, 2026

Conversation

@dimoschi
Contributor

Types of changes

What types of changes does your code introduce?
Put an x in the boxes that apply.

  • Bugfix (non-breaking change which fixes an issue).
  • New feature (non-breaking change which adds functionality).
  • Breaking change (fix or feature that would cause existing functionality not to work as expected).
  • Documentation Update (if none of the other choices applies).

Proposed changes

  • Migrate from poetry to uv: Convert pyproject.toml to PEP 621 format, replace poetry.lock with uv.lock. Export requirements.txt for Dependabot compatibility.
  • Fix Dependabot vulnerabilities: Pin aiohttp>=3.13.3 (8 alerts) and urllib3>=2.6.3 (3 alerts) as direct dependencies. The asyncmy critical alert (CVE-2025-65896) has no upstream fix, but the codebase is safe due to exclusive SQLAlchemy ORM usage (no raw SQL with user-controlled dict keys).
  • Update Dockerfiles: Switch base image to astral/uv:python3.13-bookworm-slim, collapse to single build stage, replace poetry install with uv sync.
  • Update CI workflows: Replace poetry with uv in test workflow. Add sync-requirements job to auto-export requirements.txt on lock changes. Pin all GitHub Actions to commit SHAs.
  • Fix test compatibility: Add colors field to role mock data for py-cord 2.7.
  • Upgrade safe dependencies: Bump prometheus-client (0.16->0.24), flake8-bugbear (23.12->24.12), pep8-naming (0.13->0.15), pre-commit (3.8->4.5).

Checklist

Put an x in the boxes that apply.

  • I have read and followed the CONTRIBUTING.md doc.
  • Lint and unit tests pass locally with my changes.
  • I have added the necessary documentation (if appropriate).

Additional context

All 227 tests pass. Docker base image builds successfully. Remaining outdated packages (pydantic v1, pytest, fastapi, hypercorn, ipython, flake8) are held back by tight upper bounds and would require separate migration efforts.
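As an added example, not part of this PR or the project's own code, here is a small Python check a reviewer could run over the uv-exported requirements.txt to confirm that the exact pins still satisfy the security floors this PR introduces (aiohttp>=3.13.3 and urllib3>=2.6.3). The sample requirements text, the function names and the `SECURITY_FLOORS` mapping are constructed for the example; the floors themselves are the ones stated in the PR description. The version parser handles plain release versions only (no pre-release or local tags).

```python
"""Check that exact pins in a requirements.txt meet minimum security versions.

Added example: the floors come from the PR description; everything else
(function names, sample input) is constructed for illustration.
"""
import re

# Minimum versions the PR pins as direct dependencies (from the PR text).
SECURITY_FLOORS = {
    "aiohttp": "3.13.3",
    "urllib3": "2.6.3",
}

# Matches the start of a line such as "aiohttp==3.13.3 \" as produced by
# `uv export`; continuation lines beginning with --hash do not match.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)")

# Constructed sample of an exported requirements file (not the project's real file).
SAMPLE_REQUIREMENTS = """\
# constructed sample, exported with hashes stripped
aiohttp==3.12.14
urllib3==2.6.3 ; python_version >= "3.9"
prometheus-client==0.24.0
"""


def normalize_name(name: str) -> str:
    """Normalise a distribution name the way PEP 503 does (case and separator folding)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> tuple:
    """Turn a release version like '3.13.3' into a comparable tuple of ints.

    Non-numeric suffixes (e.g. '3.13.3rc1') stop the parse at that component,
    which is good enough for comparing release floors.
    """
    parts = []
    for component in version.split("."):
        match = re.match(r"\d+", component)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def check_requirements(text: str, floors: dict = SECURITY_FLOORS) -> dict:
    """Return {package: (pinned_version_or_None, floor)} for every floor not met.

    A package that is absent from the file is reported with None so a reviewer
    notices a direct dependency that silently dropped out of the export.
    """
    pinned = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = _PIN_RE.match(line)
        if match:
            pinned[normalize_name(match.group(1))] = match.group(2)

    violations = {}
    for package, floor in floors.items():
        key = normalize_name(package)
        if key not in pinned:
            violations[package] = (None, floor)
        elif parse_version(pinned[key]) < parse_version(floor):
            violations[package] = (pinned[key], floor)
    return violations


if __name__ == "__main__":
    for package, (pinned, floor) in check_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{package}: pinned {pinned or 'missing'}, required >= {floor}")
```

Run against the constructed sample, the check flags aiohttp (pinned 3.12.14, below the 3.13.3 floor) and accepts urllib3, which is exactly at its floor. Wiring this into the sync-requirements job described above would turn the floors into a CI gate rather than a one-off review step.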

@dimoschi dimoschi requested a review from makelarisjr as a code owner March 24, 2026 07:55

dimoschi and others added 8 commits April 15, 2026 11:20

Migrate project from poetry to uv (PEP 621 format). Add aiohttp>=3.13.3 and urllib3>=2.6.3 as direct dependencies to address Dependabot alerts. Export requirements.txt for continued Dependabot scanning.

Switch base image to astral/uv:python3.13-bookworm-slim, collapse to single stage, replace poetry install with uv sync. Update .dockerignore to include uv.lock instead of poetry.lock.

Replace poetry with uv in test workflow. Add sync-requirements job to build workflow for Dependabot compatibility. Pin all GitHub Actions to commit SHAs.

Bump prometheus-client 0.16->0.24, flake8-bugbear 23.12->24.12, pep8-naming 0.13->0.15, pre-commit 3.8->4.5. No breaking changes for current usage patterns.
@dimoschi dimoschi force-pushed the security/dependabot-vulnerability-fixes branch from 84f7c24 to ca943fb April 15, 2026 08:22
@dimoschi dimoschi force-pushed the security/dependabot-vulnerability-fixes branch from 26dcc57 to 490f234 April 15, 2026 08:35
@dimoschi dimoschi merged commit fa65e0f into main Apr 15, 2026
7 checks passed
@dimoschi dimoschi deleted the security/dependabot-vulnerability-fixes branch April 15, 2026 08:39