
chore: Update ruff, aiohttp, cryptography, urllib3, codecov-action; drop Python 3.8; replace Snyk with SCA scan #808

Merged
kishore7snehil merged 3 commits into master from
chore/dependency-updates-2026-03-30
Mar 30, 2026

@kishore7snehil
Contributor

Changes

Python 3.8 Support Dropped

Python 3.8 reached end-of-life in October 2024. Several security-patched dependency versions (aiohttp, cryptography, urllib3) require Python >=3.9, making it impossible to keep 3.8 support while applying security fixes. The previous minimum (>=3.8) allowed installation on Python versions that can only resolve to vulnerable dependency versions.

  • Changed python from ^3.8 to >=3.9.2,<4.0 (3.9.0 and 3.9.1 are excluded by cryptography due to known bugs in those patch releases)
  • Removed Programming Language :: Python :: 3.8 classifier from pyproject.toml
  • Updated README.md, v5_MIGRATION_GUIDE.md, and github_discussion_v5_announcement.md to reflect Python >=3.9

Dependency Updates

Python Dependencies - From Dependabot PRs

  • Bump ruff from 0.11.5 to 0.15.8 (#806)
  • Bump responses upper bound from <0.26.0 to <0.28.0 (#786)

Python Dependencies - From Security Review

  • Update aiohttp from >=3.10.11 to >=3.11.18 - fixes multiple CVEs; previous minimum resolved to versions with known vulnerabilities on Python 3.8
  • Update cryptography from >=43.0.1 to >=44.0.0 - fixes known vulnerabilities in older versions
  • Update urllib3 from >=2.2.3 to >=2.3.0 - fixes known vulnerabilities; requires Python >=3.9

GitHub Actions

  • Bump codecov/codecov-action from 5.5.1 to 6.0.0 (SHA pin updated) (#805)

CI Workflow Changes

  • Added sca_scan.yml - new SCA scan using auth0/devsecops-tooling reusable workflow with requirements.txt
  • Removed snyk.yml - replaced by the new sca_scan.yml reusable workflow
  • Removed docs.yml - documentation build workflow removed
  • Added .claude/ to .gitignore

@kishore7snehil kishore7snehil requested a review from a team as a code owner March 30, 2026 09:16
@kishore7snehil kishore7snehil merged commit 7a2b8a2 into master Mar 30, 2026
9 checks passed
@kishore7snehil kishore7snehil deleted the chore/dependency-updates-2026-03-30 branch March 30, 2026 10:44
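Added example, not part of the pull request or the project's code: a small check that flags exact pins in a resolved requirements file that fall below the minimums listed in the description above, plus the interpreter range `>=3.9.2,<4.0`. The function names and the sample input are hypothetical, and only plain `name==X.Y.Z` release pins are handled.

```python
import re

# Minimums stated in the PR description; all names below are hypothetical.
SECURITY_FLOORS = {
    "aiohttp": (3, 11, 18),
    "cryptography": (44, 0, 0),
    "urllib3": (2, 3, 0),
}
PYTHON_FLOOR, PYTHON_CEILING = (3, 9, 2), (4, 0, 0)  # python = ">=3.9.2,<4.0"

PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)")

def parse_version(text):
    """Turn '3.10.11' into (3, 10, 11); pad short versions so '44.0' == '44.0.0'."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def normalize(name):
    """PEP 503 name normalization so 'Urllib3' and 'urllib3' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pins_below_floor(requirements_text):
    """Return [(name, pinned, floor)] for exact pins older than the minimums."""
    findings = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0]              # drop trailing comments
        match = PIN_RE.match(line)
        if not match:
            continue                              # ranges, hashes, blanks: skipped
        name = normalize(match.group(1))
        floor = SECURITY_FLOORS.get(name)
        if floor and parse_version(match.group(2)) < floor:
            findings.append((name, match.group(2), ".".join(map(str, floor))))
    return findings

def python_supported(version_info):
    """True when the interpreter satisfies >=3.9.2,<4.0."""
    return PYTHON_FLOOR <= tuple(version_info[:3]) < PYTHON_CEILING

# Constructed sample of a resolved requirements file, not the project's real output.
SAMPLE = """\
aiohttp==3.10.11
cryptography==44.0.1
Urllib3==2.2.3  # resolved on an old interpreter
requests==2.32.3
"""

if __name__ == "__main__":
    for name, pinned, floor in pins_below_floor(SAMPLE):
        print(f"{name} {pinned} is below the required minimum {floor}")
```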