Upgrade spotbugs and pitest-maven to latest patch versions

[bernardladenthin]

Summary

• Upgrade spotbugs from 4.9.8.3 to 4.9.8.4
• Upgrade pitest-maven from 1.25.3 to 1.25.4
• Update documentation and Dependabot configuration to enforce jqwik version pinning

Test plan

• CI is green on this branch
• Docs updated where applicable

Related issues / PRs

None

Checklist

• I have read CONTRIBUTING.md and CODE_OF_CONDUCT.md
• My commits follow Conventional Commits
• No security-sensitive changes

Notes

The spotbugs and pitest-maven upgrades are routine patch version bumps with no breaking changes. The Dependabot configuration change adds an ignore rule to block all net.jqwik updates (every version, including patches) due to the anti-AI prompt-injection policy documented in the README. This prevents accidental upgrades past jqwik 1.9.3, which is the last pre-disclosure release before the library added prompt-injection strings targeting AI agents in test output.

https://claude.ai/code/session_01XEjgThAas1gQV65HK6kSqM

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud