Open lucyb opened 10 months ago
https://github.com/opensafely-core/opencodelists/security/dependabot/82 is blocked until we upgrade django and django-debug-toolbar.
If testing/upgrading to Django 5 is a little bit tricky, it might be easier to upgrade to the latest Django 4.2 (we're already on a 4.2 version).
It's a long-term support release and still gets security updates, although Dependabot wants to upgrade us to Django 5.
Upgrading whitenoise may be particularly useful and may not be picked up as required by Dependabot.
From Steve: There are several outstanding dependency upgrades that have not been merged, so there are currently 18 active security alerts in this project.
#2107 covers upgrading Django and should be done first. It may also require updating some Django dependencies.
#1852 covers upgrading Python, but I don't think it addresses any security vulnerabilities.
Acceptance criteria:
Given the number of dependencies to update, it might be worth updating them in batches rather than in one go.
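If the decision is to stay on the Django 4.2 LTS line rather than follow Dependabot to Django 5, the repository's Dependabot configuration can say so explicitly, so that it keeps proposing 4.2.x point releases (which is what the alert needs) instead of repeatedly opening a 5.x bump. The fragment below is an added example, not a file from the opencodelists repository; the `pip` ecosystem, root `directory`, weekly schedule and the `django` package name are assumptions for illustration.

```yaml
# .github/dependabot.yml (added example, not the project's actual config)
version: 2
updates:
  - package-ecosystem: "pip"      # assumption: requirements managed with pip
    directory: "/"                # assumption: requirements live at the repo root
    schedule:
      interval: "weekly"
    ignore:
      # Stay on the 4.2 LTS line: Dependabot will still offer 4.2.x patch
      # releases, but will not open PRs for Django 5.x.
      - dependency-name: "django"
        versions: [">=5.0"]
```

Two caveats worth checking before relying on this: `ignore` rules in dependabot.yml also apply to Dependabot security updates, so the 4.2.x patch release that clears the alert must itself be inside the allowed range, and the same `<5` constraint should be mirrored in the project's own requirements pin so a manual upgrade does not silently cross the major version.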