CRASM-3496/3499/3501 - Dependency upgrades to resolve vulnerabilities across application#1430

Merged
cduhn17 merged 6 commits into develop from jb-upgrades-2025 on Dec 31, 2025
Conversation

@jayjaybunce
Contributor

@jayjaybunce jayjaybunce commented Dec 30, 2025

🗣 Description

Due to each step in the effort to upgrade dependencies across the application leading to some level of breaking changes, all changes for the effort are within this PR to ensure we did not merge breaking changes into develop.

Changes (by ticket)
CRASM-3496
Upgraded Dockerfile.python base image from python:3.11-slim to python:3.12-slim-trixie. Resolves multiple vulnerabilities at the OS level of the backend docker containers
Upgraded Dockerfile.worker base image from python:3.11-bullseye to python:3.12-slim-trixie. Resolves multiple vulnerabilities at the OS level of the worker docker containers.
*There are multiple vulnerabilities within the Dockerfile.pe setup which are not addressed with these changes. We should look to update and test Dockerfile.pe build and functionality to use the python:3.12-slim-trixie, as it is currently using an older node base image.

CRASM-3499 - Resolve backend dependency vuln issues
Python Module Upgrade Table

| Package | Previous Version | New Version |
| --- | --- | --- |
| Cryptography | 44.0.1 | 46.0.1 |
| Django | 5.2.8 | 5.2.9 |
| elasticsearch | 7.9.0 | 7.17.12 |
| sqlparse | 0.5.2 | 0.5.4 |
| zipp | 3.16.1 | 3.19.1 |
| pshtt (internal fork and update) | - | - |

CRASM-3501 - Resolve worker dependency vuln issues
Python Module Upgrade Table

| Package | Previous Version | New Version |
| --- | --- | --- |
| Cryptography | 44.0.1 | 46.0.1 |
| h11 | 0.14.0 | 0.16.0 |
| requests | 2.24.1 | 2.32.4 |
| sslyze | 5.2.0 | 6.2.0 |
| zipp | 3.16.1 | 3.19.1 |
| mitmproxy | 10.0.1 | 12.0.0 |

Dependabot Upgrades
Bump Django
Bump react-markdown

💭 Motivation and context

Contains changes which relate to the following tickets
CRASM-3496 => Resolve Docker images to Python 3.12
CRASM-3499 => Resolve backend dependency vulnerability issues
CRASM-3501 => Resolve worker dependency vulnerability issues

🧪 Testing

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.
  • Bump major, minor, patch, pre-release, and/or build versions as appropriate via the bump_version script if this repository is versioned and the changes in this PR warrant a version bump.
  • Create a pre-release (necessary if and only if the pre-release version was bumped).

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release (necessary if and only if the version was bumped).
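A small check that a reviewer could run against the backend and worker requirements files to confirm the pinned versions are at or above the post-upgrade versions in the two tables above. This is an added example, not code from the cisagov project or this PR; the package names and minimum versions are taken from the PR description, while the sample requirements file content is constructed for the demonstration.

```python
"""Verify pinned Python requirements against the minimum versions from the
CRASM-3499 and CRASM-3501 upgrade tables.

Added example, not project code. MINIMUM_VERSIONS mirrors the PR tables;
SAMPLE_REQUIREMENTS is constructed input for the demo.
"""
import re
from typing import Dict, List, Tuple

# Post-upgrade versions from the two tables in the PR description.
# Names are lowercased because pip resolves package names case-insensitively.
MINIMUM_VERSIONS: Dict[str, str] = {
    "cryptography": "46.0.1",
    "django": "5.2.9",
    "elasticsearch": "7.17.12",
    "sqlparse": "0.5.4",
    "zipp": "3.19.1",
    "h11": "0.16.0",
    "requests": "2.32.4",
    "sslyze": "6.2.0",
    "mitmproxy": "12.0.0",
}

# Matches exact pins of the form "name==version"; other specifiers are ignored.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.17.12' into (7, 17, 12) for tuple comparison.

    Only the leading digits of each dot-separated segment are kept, so a
    pre-release suffix such as '1.0rc1' compares as (1, 0). That is enough for
    the plain release versions used in the tables above.
    """
    parts: List[int] = []
    for segment in text.split("."):
        match = re.match(r"\d+", segment)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def parse_pins(requirements_text: str) -> Dict[str, str]:
    """Collect 'name==version' pins from requirements-file text.

    Comments, blank lines and unpinned entries (e.g. 'h11>=0.14.0') are skipped.
    """
    pins: Dict[str, str] = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        match = _PIN_RE.match(line)
        if match:
            name = match.group(1).lower().replace("_", "-")
            pins[name] = match.group(2)
    return pins


def find_below_minimum(
    requirements_text: str, minimums: Dict[str, str] = MINIMUM_VERSIONS
) -> List[Tuple[str, str, str]]:
    """Return (package, pinned, minimum) for every pin that is still below
    the version the upgrade tables require. Packages not in the table are
    not reported."""
    findings = []
    for name, pinned in parse_pins(requirements_text).items():
        minimum = minimums.get(name)
        if minimum is not None and parse_version(pinned) < parse_version(minimum):
            findings.append((name, pinned, minimum))
    return sorted(findings)


# Constructed sample: one file that still carries two pre-upgrade pins.
SAMPLE_REQUIREMENTS = """\
# backend requirements (constructed sample)
Django==5.2.8
cryptography==46.0.1
elasticsearch==7.17.12
sslyze==5.2.0   # worker pin not yet bumped
h11>=0.14.0
zipp==3.19.1
"""

if __name__ == "__main__":
    for name, pinned, minimum in find_below_minimum(SAMPLE_REQUIREMENTS):
        print(f"{name}: pinned {pinned}, upgrade table requires >= {minimum}")
```

Run it against the real `requirements.txt` files in place of `SAMPLE_REQUIREMENTS` to get an empty result once every table entry has landed; anything printed is a pin that still predates the upgrade.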

@jayjaybunce jayjaybunce marked this pull request as ready for review December 31, 2025 15:01
Collaborator

@cduhn17 cduhn17 left a comment

This PR successfully addresses multiple security and stability concerns.

Security: The upgrades to sslyze, cryptography, and Django resolve known vulnerabilities.

Bug Fix: The fix for os.getenv in ecs_client.py prevents a definite runtime crash.

Compatibility: The logic updates in pshtt.py correctly handle the API changes in sslyze 6.x regarding hostname validation errors.

@cduhn17 cduhn17 merged commit 2a33829 into develop Dec 31, 2025
23 checks passed
@cduhn17 cduhn17 deleted the jb-upgrades-2025 branch December 31, 2025 19:46
@jayjaybunce jayjaybunce mentioned this pull request Jan 2, 2026
14 tasks