
Python: pin transitive litellm to a safe wheel #4880

Closed
eavanvalkenburg wants to merge 2 commits into microsoft:main from eavanvalkenburg:fix_litellm

Conversation

@eavanvalkenburg (Member)

Motivation and Context

Recent compromised litellm releases could be pulled in transitively by the Python workspace. This change makes the workspace resolve a known-good litellm wheel instead, so those compromised releases are never selected while the existing transitive dependency paths continue to work.

Description

This change updates the Python workspace dependency configuration to:

  • pin transitive litellm resolution to 1.82.1 via root uv constraints
  • source litellm from the known-good wheel URL in tool.uv.sources
  • refresh python/uv.lock so the lockfile records that exact safe source

This keeps litellm indirect, but makes the selected artifact deterministic and safe.

Contribution Checklist

  • The code builds clean without any errors or warnings
  • The PR follows the Contribution Guidelines
  • All unit tests pass, and I have added new tests where possible
  • Is this a breaking change? If yes, add "[BREAKING]" prefix to the title of the PR.
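A lockfile guard for the configuration this PR describes, added here as an example and not code from the PR or the repository: it parses a constructed pyproject.toml fragment that pins litellm through a workspace-level uv constraint plus a tool.uv.sources URL override, parses a constructed uv.lock excerpt in the shape uv writes for a URL source, and reports every way the lock could drift from that pin (wrong version, different source URL, missing wheel hash, constraint not recorded). The wheel URL and hash are placeholders, and the exact lockfile layout is an assumption about uv's format, not taken from the PR's uv.lock.

```python
"""Check that a uv workspace lockfile really honours a transitive wheel pin.

Added example, not code from the PR. The wheel URL and hash below are
placeholders and the uv.lock layout is an assumption about uv's format.
"""
from __future__ import annotations

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # type: ignore[no-redef]

# Constructed pyproject.toml fragment mirroring the PR's approach: litellm is
# not a direct dependency, but a constraint fixes its version and a source
# override fixes which artifact satisfies that version.
PYPROJECT_TOML = """
[project]
name = "example-workspace"
version = "0.0.0"
dependencies = ["some-agent-framework"]  # pulls litellm in transitively

[tool.uv]
constraint-dependencies = ["litellm==1.82.1"]

[tool.uv.sources]
litellm = { url = "https://files.example.invalid/litellm-1.82.1-py3-none-any.whl" }
"""

# Constructed uv.lock excerpt (assumed layout for a URL-sourced package).
UV_LOCK = """
version = 1
requires-python = ">=3.10"

[manifest]
constraints = [{ name = "litellm", specifier = "==1.82.1" }]

[[package]]
name = "litellm"
version = "1.82.1"
source = { url = "https://files.example.invalid/litellm-1.82.1-py3-none-any.whl" }
wheels = [
    { url = "https://files.example.invalid/litellm-1.82.1-py3-none-any.whl", hash = "sha256:PLACEHOLDER" },
]
"""

# A drifted lock: someone re-resolved and picked up a different release.
TAMPERED_LOCK = UV_LOCK.replace('version = "1.82.1"', 'version = "1.82.2"')


def pinned_versions(pyproject: dict) -> dict[str, str]:
    """Map package name -> exact version for every '==' entry in
    tool.uv.constraint-dependencies; non-exact specifiers are ignored."""
    uv_cfg = pyproject.get("tool", {}).get("uv", {})
    pins: dict[str, str] = {}
    for spec in uv_cfg.get("constraint-dependencies", []):
        name, sep, version = spec.partition("==")
        if sep and version:
            pins[name.strip().lower()] = version.strip()
    return pins


def check_lock_pin(pyproject_text: str, lock_text: str, package: str) -> list[str]:
    """Return a list of problems; an empty list means the lock matches the pin."""
    pyproject = tomllib.loads(pyproject_text)
    lock = tomllib.loads(lock_text)
    problems: list[str] = []

    want_version = pinned_versions(pyproject).get(package)
    if want_version is None:
        problems.append(f"{package}: no '==' entry in tool.uv.constraint-dependencies")
    sources = pyproject.get("tool", {}).get("uv", {}).get("sources", {})
    want_url = sources.get(package, {}).get("url")
    if want_url is None:
        problems.append(f"{package}: no url source in tool.uv.sources")

    entries = [p for p in lock.get("package", []) if p.get("name") == package]
    if len(entries) != 1:
        problems.append(f"{package}: expected one lock entry, found {len(entries)}")
        return problems
    entry = entries[0]

    if want_version and entry.get("version") != want_version:
        problems.append(f"{package}: lock pins {entry.get('version')} but constraint wants {want_version}")
    if want_url and entry.get("source", {}).get("url") != want_url:
        problems.append(f"{package}: lock source is not the configured wheel URL")
    wheels = entry.get("wheels", [])
    if not wheels:
        problems.append(f"{package}: lock entry has no wheels")
    for wheel in wheels:
        if want_url and wheel.get("url") != want_url:
            problems.append(f"{package}: wheel URL differs from configured source")
        if not str(wheel.get("hash", "")).startswith("sha256:"):
            problems.append(f"{package}: wheel has no sha256 hash recorded")
    constraints = lock.get("manifest", {}).get("constraints", [])
    if want_version and not any(
        c.get("name") == package and c.get("specifier") == f"=={want_version}" for c in constraints
    ):
        problems.append(f"{package}: lock manifest does not record the constraint; re-run uv lock")
    return problems


if __name__ == "__main__":
    for label, lock in (("clean", UV_LOCK), ("tampered", TAMPERED_LOCK)):
        print(label, check_lock_pin(PYPROJECT_TOML, lock, "litellm") or "ok")
```

In CI the two constructed strings would be replaced by the real files, for instance `check_lock_pin(Path("python/pyproject.toml").read_text(), Path("python/uv.lock").read_text(), "litellm")`, and a non-empty result fails the job, so a later `uv lock` that silently re-resolves litellm to another release is caught before it lands.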

eavanvalkenburg and others added 2 commits March 24, 2026 17:26
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings March 24, 2026 16:30
Copilot AI (Contributor) left a comment


Pull request overview

Pins the Python workspace’s transitive litellm resolution to a specific, known-good wheel to prevent compromised releases from being selected during dependency resolution.

Changes:

  • Added a workspace-level UV constraint to force litellm==1.82.1 (without making it a direct dependency).
  • Overrode litellm’s source to a specific PyPI wheel URL via tool.uv.sources.
  • Refreshed python/uv.lock so the lock records the URL-based source for litellm.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File                  | Description
python/pyproject.toml | Adds UV constraint + source override to pin litellm to a specific safe wheel artifact.
python/uv.lock        | Records the resolved litellm package source as the pinned wheel URL and adds the corresponding constraint entry.

3 participants