[BUG] detect-secrets can be incompatible with Python 3.12 due to deprecated boxsdk and six #160

@dnwe

Describe the bug

Out of the box detect-secrets can be incompatible with Python 3.12 because the deprecated boxsdk being pulled in still uses six, an old compatibility library that needs to be at least 1.16.0 to be compatible with Python 3.12.

├── boxsdk [required: Any, installed: 3.13.0]
│   ├── attrs [required: >=17.3.0, installed: 24.2.0]
│   ├── python-dateutil [required: Any, installed: 2.9.0.post0]
│   │   └── six [required: >=1.5, installed: 1.15.0]

To Reproduce
Steps to reproduce the behaviour (using uv here, but any venv + py312 install would work):

  1. uv venv --python 3.12 && source .venv/bin/activate
  2. uv pip install six==1.15.0 "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
  3. detect-secrets scan .
  4. Fails with stacktrace and error ModuleNotFoundError: No module named 'six.moves'

Expected behaviour
detect-secrets should continue to work on Python 3.12

Suggested fix

In the short term, adding an explicit dependency in setup.py on six>=1.6 should prevent the incompatibility
In the longer term, migrating plugin/box.py to use box/box-python-sdk-gen following the migration guide here would be a better option. Our sdk usage is minimal, just doing a login attempt with any encountered

Impact
detect-secrets not remaining compatible with supported Python versions in the future
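
An environment pre-flight check for the condition reported above, added here as an example; it is not part of the original issue or of detect-secrets. The 1.16.0 threshold comes from the issue text, the function names are hypothetical, and applying the same threshold to Python versions after 3.12 is an assumption.

```python
import re
import sys
from importlib import metadata

# Threshold from the issue text: six must be at least 1.16.0 on Python 3.12.
MIN_SIX = (1, 16, 0)
# Assumption: interpreters newer than 3.12 need the same minimum.
AFFECTED_PYTHON = (3, 12)


def parse_version(text):
    """Leading numeric release segment, e.g. '2.9.0.post0' -> (2, 9, 0)."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
        if not piece.isdigit():  # suffix such as 'rc1' ends the release part
            break
    return tuple(parts + [0] * (3 - len(parts)))


def six_breaks_import(six_version, python_version):
    """True when this six release is below the minimum for this interpreter."""
    affected = tuple(python_version[:2]) >= AFFECTED_PYTHON
    return affected and parse_version(six_version) < MIN_SIX


def requirers_of(target, dists):
    """Names of distributions whose metadata lists `target` as a requirement."""
    found = []
    for name, requires in dists:
        for req in requires or []:
            m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", req.strip())
            if m and m.group().lower().replace("_", "-") == target:
                found.append(name)
                break
    return sorted(found)


def check_environment():
    """Returns (installed six version or None, broken?, who requires six)."""
    try:
        six_version = metadata.version("six")
    except metadata.PackageNotFoundError:
        return None, False, []
    dists = [(d.metadata["Name"] or "unknown", d.requires)
             for d in metadata.distributions()]
    broken = six_breaks_import(six_version, sys.version_info)
    return six_version, broken, requirers_of("six", dists)
```

Calling `check_environment()` inside the virtualenv that runs detect-secrets reports the installed six version, whether it falls below the threshold for the running interpreter, and which installed packages declare six as a requirement.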
