Fix 30 Dependabot security alerts in whatsapp bot requirements

[connortreacy]

Summary

• Bumps 6 vulnerable packages to patched versions in end-to-end-use-cases/whatsapp_llama_4_bot/requirements.txt: aiohttp>=3.13.4, urllib3>=2.6.3, starlette>=0.49.1, requests>=2.33.0, filelock>=3.20.3, Pygments>=2.20.0
• Bumps fastapi>=0.125.0 and httpcore>=1.0.9 for compatibility with the new starlette and h11 versions
• Relaxes transitive dependency pins (== → >=) to avoid conflicts when parent packages resolve to newer versions

Addresses all 30 open Dependabot alerts (5 high, 13 medium, 12 low), covering CVEs for zip bombs, DoS, SSRF, credential leaks, request smuggling, and more.

Test plan

• Verified dependency resolution with pip install --dry-run in an isolated venv — no conflicts
• Reviewed all 4 source files — no API changes needed, all use stable interfaces
• Confirm Dependabot alerts clear after merge

[connortreacy]

The "Execute workload on GHA CPU Runner" failure is pre-existing and unrelated to this PR. The error is:

ImportError: cannot import name 'is_ccl_available' from 'accelerate.utils'

This comes from src/llama_cookbook/utils/train_utils.py:25 — a compatibility issue with a newer version of the accelerate library. It affects test_finetuning.py and test_train_utils.py, neither of which are related to the whatsapp bot requirements changed here.