
fix: remediate high & critical Dependabot and Wiz vulnerabilities#19

Open
pkaeding wants to merge 1 commit into main from devin/1781295692-remediate-vulnerabilities

Conversation

@pkaeding

Contributor

Summary

Adds guzzlehttp/psr7: >=2.10.2 as an explicit direct dependency to enforce a minimum safe version, remediating two open Dependabot/Wiz alerts:

  • CRLF Injection via URI Host Component (guzzlehttp/psr7 < 2.10.2)
  • Host Confusion via Authority Reinterpretation (guzzlehttp/psr7 < 2.10.2)

guzzlehttp/psr7 is a transitive dependency of guzzlehttp/guzzle. Since Composer has no override mechanism, adding it as a direct requirement with a version floor is the standard approach to prevent resolution of vulnerable versions.

Verified via composer install that dependencies resolve to guzzlehttp/psr7@2.11.0 and the app runs correctly.

Link to Devin session: https://app.devin.ai/sessions/e07439e1d3664b9dbfebd4ba7954a13c
Requested by: @pkaeding

…t confusion vulnerabilities

Co-Authored-By: Patrick Kaeding <patrick@kaeding.name>
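The verification step described in the PR (confirming that the lock file resolves guzzlehttp/psr7 at or above the 2.10.2 floor) can be automated as a CI gate. The following is an added example, not code from this PR or the project; it assumes a composer.lock of the usual shape and uses a constructed lock fragment inline, and it deliberately fails packages whose version is missing or unparseable (for example a dev-branch reference), since those cannot be proven safe.

```python
import json
import re
import sys

# Version floor the PR adds as a direct requirement (taken from the PR description).
FLOORS = {"guzzlehttp/psr7": "2.10.2"}

# Constructed composer.lock fragment for offline use; not the project's real lock file.
SAMPLE_LOCK = """{
  "packages": [
    {"name": "guzzlehttp/guzzle", "version": "7.9.2"},
    {"name": "guzzlehttp/psr7", "version": "2.11.0"}
  ],
  "packages-dev": []
}"""


def parse_version(text):
    """Map 'v2.10.2' or '2.10.2' to a comparable int tuple padded to 3 parts.
    Anything else (e.g. 'dev-main', '2.10.2-rc1') returns None so the gate fails
    closed rather than guessing."""
    match = re.match(r"^v?(\d+(?:\.\d+)*)$", text.strip())
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def check_lock(lock_json, floors):
    """Return {package: (resolved_version, meets_floor)} for every floored package.
    A package absent from the lock, or with an unparseable version, does not pass."""
    data = json.loads(lock_json)
    resolved = {}
    for pkg in data.get("packages", []) + data.get("packages-dev", []):
        resolved[pkg["name"]] = pkg["version"]
    report = {}
    for name, minimum in floors.items():
        version = resolved.get(name)
        parsed = parse_version(version) if version else None
        report[name] = (version, parsed is not None and parsed >= parse_version(minimum))
    return report


def main(path=None):
    """Check a lock file (or the constructed sample) and return a CI exit code."""
    lock = open(path).read() if path else SAMPLE_LOCK
    report = check_lock(lock, FLOORS)
    for name, (version, ok) in report.items():
        print(f"{name}: resolved {version!r} -> {'OK' if ok else 'BELOW FLOOR / MISSING'}")
    return 0 if all(ok for _, ok in report.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as `python check_lock.py composer.lock` after `composer install`; a non-zero exit means the floor was not honoured and the build should stop.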
@devin-ai-integration

Contributor

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment, CI, and merge conflict monitoring

@devin-ai-integration devin-ai-integration Bot added the devin-pr (PRs created by Devin) label Jun 12, 2026
@pkaeding pkaeding requested a review from a team June 12, 2026 20:25
@pkaeding pkaeding marked this pull request as ready for review June 12, 2026 20:25
@pkaeding pkaeding requested a review from a team as a code owner June 12, 2026 20:25