chore: fix ruff lint errors, bandit suppressions, and pin pip>=26.0

Remove unused imports (ruff F401), suppress B324 false positives on
spec-mandated MD5 in HASSH/JA3/JA3S fingerprinting, drop unused
record_version assignment in JARM parser, and pin pip>=26.0 in dev
deps to address CVE-2025-8869 and CVE-2026-1703.

decnet/sniffer/fingerprint.py

@@ -12,7 +12,6 @@ from __future__ import annotations
 import hashlib
 import struct
 import time
-from pathlib import Path
 from typing import Any, Callable
 
 from decnet.sniffer.syslog import SEVERITY_INFO, SEVERITY_WARNING, syslog_line
@@ -519,7 +518,7 @@ def _ja3(ch: dict[str, Any]) -> tuple[str, str]:
         "-".join(str(p) for p in ch["ec_point_formats"]),
     ]
     ja3_str = ",".join(parts)
-    return ja3_str, hashlib.md5(ja3_str.encode()).hexdigest()
+    return ja3_str, hashlib.md5(ja3_str.encode()).hexdigest()  # nosec B324
 
 
 def _ja3s(sh: dict[str, Any]) -> tuple[str, str]:
@@ -529,7 +528,7 @@ def _ja3s(sh: dict[str, Any]) -> tuple[str, str]:
         "-".join(str(e) for e in sh["extensions"]),
     ]
     ja3s_str = ",".join(parts)
-    return ja3s_str, hashlib.md5(ja3s_str.encode()).hexdigest()
+    return ja3s_str, hashlib.md5(ja3s_str.encode()).hexdigest()  # nosec B324
 
 
 # ─── JA4 / JA4S ─────────────────────────────────────────────────────────────

decnet/sniffer/worker.py

@@ -14,9 +14,7 @@ import asyncio
 import os
 import subprocess
 import threading
-import time
 from pathlib import Path
-from typing import Any
 
 from decnet.logging import get_logger
 from decnet.network import HOST_MACVLAN_IFACE