Complete all deferred hardening items

1. PII in git: Removed 324MB AI/ directory (1012 files of user workout
   data) from git history via git-filter-repo. Added AI/ to .gitignore.

2. Python 3.9 EOL: Upgraded Dockerfile from python:3.9.13 to
   python:3.12-slim. Added build-essential and libpq-dev for C
   extension compilation. Changed netcat to netcat-openbsd (slim compat).

3. Stale dependencies: Updated all packages from 2023 pins to latest
   compatible versions. Django 4.2→5.2 LTS, celery 5.3→5.4+,
   gunicorn 20→23+, redis 4.6→5.0+, DRF 3.14→3.15+, whitenoise 6.4→6.7+,
   debug-toolbar 4.1→4.4+. Switched to >= ranges with upper bounds on
   major versions for celery, kombu, redis, and Django.

4. Retry loop cap: Reduced FINAL_CONFORMANCE_MAX_RETRIES from 4 to 2,
   capping worst-case recursive calls from 15 (3×5) to 9 (3×3).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Dockerfile

@@ -10,13 +10,14 @@ ENV NEXT_PUBLIC_API_URL=
 RUN rm -rf .next && npm run build
 
 # ---- Stage 2: Final image (Python + Node runtime) ----
-FROM python:3.9.13
+FROM python:3.12-slim
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
 # System deps
 RUN apt-get update && apt-get install -y \
-    swig libssl-dev dpkg-dev netcat ffmpeg \
+    build-essential libpq-dev \
+    swig libssl-dev dpkg-dev netcat-openbsd ffmpeg \
     supervisor curl \
     && rm -rf /var/lib/apt/lists/*