fix: bump GitPython to 3.1.49 (CVE-2026-44244)

[NZTimKeegan]

Pre-review checklist

• I've confirmed that instructions included in README.md are still correct after my changes in the codebase.
• I've added or updated automated unit tests to verify correctness of my new code.
  • n/a - I have executed the existing test suite, patch version of a dependency does not introduce new behaviour
• I've added or updated integration tests to verify correctness of my new code.
  • n/a - I have executed the existing test suite, patch version of a dependency does not introduce new behaviour
• I've confirmed that my changes are working by executing CLI's commands manually on MacOS.
  • n/a - I have executed the existing test suite, patch version of a dependency does not introduce new behaviour
• I've confirmed that my changes are working by executing CLI's commands manually on Windows.
  • n/a - I have executed the existing test suite, patch version of a dependency does not introduce new behaviour
• I've confirmed that my changes are up-to-date with the target branch.
• I've described my changes in the release notes.
• I've described my changes in the section below.
• I've described my changes in the documentation.
  • n/a - updating a dependency version does not introduce documentable behaivour

Changes description

GitPython <=3.1.48 does not validate newlines in
GitConfigParser.set_value(), allowing injection of arbitrary config sections, and potential RCE via crafted author names or emails.

[NZTimKeegan]

Forgot to commit the release notes. Updated now

[NZTimKeegan]

Rebased & pushed to resolve conflicts (RELEASE-NOTES.md)