Bump Symfony, Guzzle and Twig dependencies (combined Dependabot updates)

[lgladdy]

Combines the 8 open Dependabot updates into a single lockfile update, plus the transitive bumps required to resolve a fully security-clean dependency set:

• symfony/routing 8.0.4 => 8.1.0 (Bump symfony/routing from 8.0.4 to 8.1.0 #577)
• symfony/http-foundation 8.0.4 => 8.1.0 (Bump symfony/http-foundation from 8.0.4 to 8.1.0 #576)
• guzzlehttp/psr7 2.8.0 => 2.12.1 (Bump guzzlehttp/psr7 from 2.8.0 to 2.11.0 #575 targeted 2.11.0, still affected by CVE-2026-55766)
• guzzlehttp/guzzle-services 1.4.2 => 1.7.0 (Bump guzzlehttp/guzzle-services from 1.4.2 to 1.5.4 #574)
• symfony/yaml 7.4.1 => 7.4.13 (Bump symfony/yaml from 7.4.1 to 7.4.12 #572)
• symfony/cache 7.4.4 => 7.4.13 (Bump symfony/cache from 7.4.4 to 7.4.13 #571)
• symfony/http-kernel 7.4.4 => 7.4.13 (Bump symfony/http-kernel from 7.4.4 to 7.4.13 #570)
• symfony/monolog-bridge 7.4.4 => 7.4.12 (Bump symfony/monolog-bridge from 7.4.4 to 7.4.12 #569)
• guzzlehttp/guzzle 7.10.0 => 7.12.1 (CVE-2026-55767, CVE-2026-55568; no PR)
• twig/twig 3.26.0 => 3.27.1 (CVE-2026-48808, CVE-2026-48805, CVE-2026-46636; no PR)

Plus transitive: guzzle command/promises/uri-template, symfony error-handler/event-dispatcher/var-dumper 8.1.0, contracts and polyfills.

All bumps are within-major (semver minor/patch). composer audit on the resulting lock reports no remaining advisories.