Restrict poetry lock churn to security bumps

Restore chart_data_extractor/poetry.lock to its Poetry 2.1.1 form
(matches main; pydantic stays at 2.9.2). Rebuild python/poetry.lock
from main with poetry lock --no-update + targeted poetry update for
the vulnerable packages, so runtime deps (attrs, e2b, httpx) stay on
their existing pins instead of pulling latest.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: mishushakov