bump safety and pre-commit versions to resolve CVEs

[hholb]

Resolves: #654 #655

Overview

This PR bumps the pre-commit and safety versions to resolve some cves that got flagged in CI during #652

Discussion

Pre-commit worked fine with new version without any changes on my end.

Safety updated to a version that uses a new policy file format, as well as safety scan instead of safety check. This required setting up an API key. I ported the policy file over to the new format and it is working in my local setup.

I updated the CI workflow to use the new safety scan command and inject the API key.

Testing

Manually, and CI

---

📚 Documentation preview 📚: https://garden-ai--656.org.readthedocs.build/en/656/

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.32%. Comparing base (fedf8a8) to head (8d4b7a1).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #656   +/-   ##
=======================================
  Coverage   40.32%   40.32%           
=======================================
  Files          30       30           
  Lines        1758     1758           
=======================================
  Hits          709      709           
  Misses       1049     1049           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[WillEngler]

Nice!