security: remediate urllib3 CVE-2026-44431/44432, release 0.2.1

[mjstealey]

Bump urllib3>=2.7.0 (transitive via requests) to fix two known vulnerabilities reported by pip-audit. Bump requests>=2.32.4 and raise minimum Python to 3.10 (required by urllib3 2.7.0). Update CI matrix to 3.10–3.13.