
Commit 0316e65

starfolkai[bot], starfolkbot, claude and AbhiPrasad authored
chore(deps): bump litellm to >=1.83.10 (sandbox-escape advisory) (#412)
## Summary

- Dependabot flagged `litellm 1.83.0` in `py/uv.lock` for a sandbox-escape advisory in `POST /guardrails/test_custom_code` (vulnerable range `>=1.81.8, <1.83.10`).
- Root cause: the `lint` dependency group declared `litellm` unpinned, so `uv lock` picked `1.83.0` in that fork. The `test-litellm` matrix and `test-crewai` group already pin `1.83.14`.
- Fix: add `litellm>=1.83.10` to the `lint` group in `py/pyproject.toml` and re-run `uv lock`. The lockfile now only resolves `litellm==1.83.14`. The large `uv.lock` diff is a one-time resolver re-balance under the new constraint inside the conflict-fork structure; all new versions still satisfy declared constraints and `uv lock --check` is clean.

## Test plan

- [ ] `cd py && uv lock --check` is clean
- [ ] `grep '^version = ' py/uv.lock` around `litellm` shows only `1.83.14`
- [ ] CI green on the sharded nox matrix (`test_litellm`, `test_crewai`, lint, static_checks)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Starfolk <noreply@starfolk.ai>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Abhijeet Prasad <abhijeet@braintrustdata.com>
1 parent b78a30d commit 0316e65

2 files changed

Lines changed: 538 additions & 540 deletions

py/pyproject.toml

Lines changed: 1 addition & 1 deletion
@@ -210,7 +210,7 @@ lint = [
210210
"dspy",
211211
"google-adk",
212212
"google-genai",
213-
"litellm",
213+
"litellm>=1.83.10",
214214
"mistralai",
215215
"openai",
216216
"openai-agents",
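
Review bot: the new `"litellm>=1.83.10"` entry at line 213 has no comment saying why the floor exists, so a later tidy-up could revert it to a bare `"litellm"` and let the resolver choose a release inside the advisory range again. Suggest a one-line TOML comment above the entry that names the range given in the commit message (`>=1.81.8, <1.83.10`). The floor is also declared only in the `lint` group, while the commit message says other groups pin `1.83.14` on their own; a single project-wide lower bound (for example uv's `constraint-dependencies` under `[tool.uv]`) would cover any group that lists `litellm` later. The `py/uv.lock` half of this change is not shown on this page and the test-plan boxes are unchecked, so the claim that only `1.83.14` resolves should be confirmed from the `uv lock --check` result in CI.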
