
security: deps: bump python-dateutil, pytest, pytest-cov; replace safety with pip-audit — VC-53657 #200

Open

SahilWikhe-sw wants to merge 1 commit into Venafi:master from SahilWikhe-sw:VC-53657-logos-fix-b-v2


Conversation

@SahilWikhe-sw


Summary

  • SC-004: Bump python-dateutil from 2.8.2 to 2.9.0.post0 (outdated, CWE-1104)
  • SC-002: Replace EOL safety 2.3.5 with pip-audit 2.10.1 (CWE-1104)
  • SC-005: Bump pytest from 7.4.3 to 8.4.2 and pytest-cov from 4.1.0 to 7.1.0 (outdated dev deps, CWE-1104)
  • SC-001 (pynacl 1.5.0): Skipped — 1.5.0 is the latest release on PyPI; replacement with cryptography requires code refactoring of SealedBox/PublicKey usage across 5 source files

Changes

| Dependency      | From    | To          | Finding |
|-----------------|---------|-------------|---------|
| python-dateutil | 2.8.2   | 2.9.0.post0 | SC-004  |
| safety          | 2.3.5   | (removed)   | SC-002  |
| pip-audit       | (new)   | 2.10.1      | SC-002  |
| pytest          | 7.4.3   | 8.4.2       | SC-005  |
| pytest-cov      | 4.1.0   | 7.1.0       | SC-005  |

Lockfiles (requirements.txt, requirements-build.txt) regenerated via pip-compile --generate-hashes. setup.py install_requires updated to match.

Verification

  • build_passed: true (pip install -e . succeeds)
  • tests_passed: false (pre-existing — all 5 test collection errors are due to missing TPP environment variables, not a regression from this change)
  • SC-001 (pynacl) deferred: no newer release exists; replacing requires refactoring SealedBox/PublicKey usage in vcert/vaas_utils.py, ssh_utils.py, connection_tpp_abstract.py, connection_cloud.py, common.py
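A check a reviewer can run on the regenerated lockfiles described above, as an added example that is not part of this PR or the vcert project: it parses a pip-compile --generate-hashes style requirements.txt (including backslash-continued --hash lines), flags any pin that carries no hash, and confirms the versions match the pins the PR claims. The lockfile text and its sha256 values are constructed placeholders, not real digests.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample of a pip-compile --generate-hashes lockfile; the hashes are placeholders.
SAMPLE_LOCK = """\
# This file is autogenerated by pip-compile with Python 3.11
python-dateutil==2.9.0.post0 \\
    --hash=sha256:aaaa1111 \\
    --hash=sha256:bbbb2222
    # via vcert
six==1.16.0 \\
    --hash=sha256:cccc3333
pip-audit==2.10.1
"""

# Pins the PR's Changes table says the lockfile should carry.
EXPECTED_PINS = {"python-dateutil": "2.9.0.post0", "pip-audit": "2.10.1"}

class Pin(NamedTuple):
    version: str
    hashes: List[str]

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)$")
_HASH_RE = re.compile(r"^--hash=(sha256:[0-9a-fA-F]+)$")

def parse_lockfile(text: str) -> Dict[str, Pin]:
    """Parse pinned requirements, joining backslash-continued lines into one logical requirement."""
    pins: Dict[str, Pin] = {}
    logical = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '# via ...' annotations
        if line.endswith("\\"):
            logical += line[:-1] + " "  # continuation: keep accumulating
            continue
        tokens = (logical + line).split()
        logical = ""
        m = _REQ_RE.match(tokens[0])
        if not m:
            continue  # e.g. --index-url or editable lines
        hashes = [h.group(1) for h in map(_HASH_RE.match, tokens[1:]) if h]
        pins[m.group(1).lower()] = Pin(m.group(2), hashes)
    return pins

def audit_pins(pins: Dict[str, Pin], expected: Dict[str, str]) -> List[str]:
    """Report pins without hashes (pip cannot verify the artifact) and version mismatches."""
    problems = [f"{n}: no --hash, pip cannot verify the artifact" for n, p in pins.items() if not p.hashes]
    for name, ver in expected.items():
        actual = pins.get(name.lower())
        if actual is None:
            problems.append(f"{name}: missing from lockfile")
        elif actual.version != ver:
            problems.append(f"{name}: lockfile has {actual.version}, expected {ver}")
    return problems
```

Run with `pip install --require-hashes -r requirements.txt` in mind: an unhashed entry like the sample's pip-audit line makes that install fail, which is exactly what this check surfaces before CI does.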
