Update urllib3 to 2.6.0+

[kstribrnAmzn]

Description of changes:
This dependency update prevents a
malicious compression exploit as
documented in CVE-2025-66418.

• Testing: *
  Relying on the CI step test-link-verifier to handle testing. If tests pass then I'd consider this good enough.

Issue #, if available:

• CVE - https://nvd.nist.gov/vuln/detail/CVE-2025-66418
• Dependabot
  • https://github.com/aws/aws-iot-device-sdk-embedded-C/security/dependabot/20
  • https://github.com/aws/aws-iot-device-sdk-embedded-C/security/dependabot/21

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[kstribrnAmzn]

Note - the link verifier is failing due to microchip's URL returning a 403. This can be fixed in a separate PR as I don't think this is related to the urllib3 dpeendency update.

[kstribrnAmzn]

Merging this in to reduce the risk from the CVE. I will continue to debug the microchip link verification issue if it persists.