fix(deps): bump pygments to >=2.20.0 for ReDoS CVE

[sergioestebance]

Summary

• Adds pygments>=2.20.0 to [tool.uv] constraint-dependencies in python/pyproject.toml
• Fixes Dependabot alert fix: allow judge discovery tools before forced verdict on large traces #251: Regular Expression Denial of Service (ReDoS) due to inefficient regex for GUID matching

Production impact

None. Pygments is a transitive dependency pulled in by Rich and pytest. Production code only uses Rich's console/spinner/text features — no syntax highlighting or Pygments lexers are invoked. No untrusted input flows through Pygments' regex engine.

Test plan

• uv lock resolves pygments to 2.20.0
• No changes to direct dependencies

[github-actions]

Automated low-risk assessment

This PR was evaluated against the repository's Low-Risk Pull Requests procedure and does not qualify as low risk.

The PR modifies dependency constraints and the lockfile to bump the third‑party package Pygments to 2.20.0 to address a ReDoS CVE. Changes to dependency versions/lockfiles affect external third‑party code and runtime behavior and are not covered by the allowed low‑risk categories, so this should follow the normal review process despite the author’s note about limited production impact.

This PR requires a manual review before merging.