chore(security): fix Dependabot security vulnerabilities

[hubcio]

picomatch <4.0.4 allowed method injection in POSIX
character classes causing incorrect glob matching
(GHSA alert #160). brace-expansion <5.0.5 allowed
zero-step sequences to hang the process.

Also bumps testcontainers-go v0.32.0 -> v0.41.0
(and transitives: docker/docker v28.5.2,
golang.org/x/crypto v0.48.0, klauspost/compress
v1.18.2).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.73%. Comparing base (52b1986) to head (b41116e).

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #3087   +/-   ##
=========================================
  Coverage     70.73%   70.73%           
  Complexity      943      943           
=========================================
  Files          1114     1114           
  Lines         94674    94674           
  Branches      71874    71874           
=========================================
  Hits          66968    66968           
  Misses        25234    25234           
  Partials       2472     2472           

Components	Coverage Δ
Rust Core	70.83% <ø> (ø)
Java SDK	62.30% <ø> (ø)
C# SDK	69.40% <ø> (ø)
Python SDK	81.43% <ø> (ø)
Node SDK	91.53% <ø> (ø)
Go SDK	38.97% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.