[Dependent] Fix a security concern on request pip package

[XinRanZhAWS]

Issue description:
https://github.com/aws-observability/aws-application-signals-test-framework/security/dependabot/13
Description of changes:
Update ec2-requirements.txt on python sample app
Rollback procedure:
revert
<Can we safely revert this commit if needed? If not, detail what must be done to safely revert and why it is needed.>
yes
Ensure you've run the following tests on your changes and include the link below:

To do so, create a test.yml file with name: Test and workflow description to test your changes, then remove the file for your PR. Link your test run in your PR description. This process is a short term solution while we work on creating a staging environment for testing.

NOTE: TESTS RUNNING ON A SINGLE EKS CLUSTER CANNOT BE RUN IN PARALLEL. See the needs keyword to run tests in succession.

• Run Java EKS on e2e-playground in us-east-1 and eu-central-2
• Run Python EKS on e2e-playground in us-east-1 and eu-central-2
• Run metric limiter on EKS cluster e2e-playground in us-east-1 and eu-central-2
• Run EC2 tests in all regions
• Run K8s on a separate K8s cluster (check IAD test account for master node endpoints; these will change as we create and destroy clusters for OS patching)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[harrryr]

The reason I downgraded the request version is because requests 2.31.0 had some version conflict when being used with Python 3.8. I forgot what the exact conflict was, but before we merge this PR we will need to do some testing by

1. Uploading the python.zip to s3 in personal account
2. Running EC2 tests for each Python version (3.8, 3.9, 3.10, 3.11, 3.12)
3. Ensure that all tests pass

[XinRanZhAWS]

Dismiss this concern, have python version conflict and we have full control on our network workflow