Commit ac0a54a
security: update protobuf to 6.33.5 (#167)
## Summary
- Updates `protobuf` from 6.33.4 to 6.33.5
- Fixes CVE-2026-0994 (HIGH severity)
## Vulnerability Details
**JSON recursion depth bypass in protobuf**
Protobuf was affected by a JSON recursion depth bypass vulnerability.
## Test plan
- [x] Verify CI passes
- [x] Confirm protobuf version is 6.33.5 in lock file
🤖 Generated with [Claude Code](https://claude.ai/code)
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update protobuf to 6.33.5 to patch CVE-2026-0994 (JSON recursion depth
bypass). No runtime code changes; security-only dependency update.
- **Dependencies**
  - Bumped protobuf from 6.33.4 to 6.33.5 in uv.lock.
  - Removed accidentally added poetry.lock to keep uv-only setup.
<sup>Written for commit 1fe7139.
Summary will update on new commits.</sup>
<!-- End of auto-generated description by cubic. -->
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

1 parent 1155b1f commit ac0a54a
1 file changed: +9 -9 lines changed