What Does This Do

Only upgrade gradle dependencies if they are at least 48 hours old. This PR specifically addresses the “Update Gradle dependencies” workflow. This follows #11215

Motivation

Require a 48-hour cooldown on external dependencies to reduce the risk of zero-day vulnerabilities.

Additional Notes

This PR was largely written by AI with my guidance on requirements and testing, followed by my review and tweaks for readability.

I added python tests for the scripts, but the actual changes need to land on master before the workflow can be tested because the workflow depends on an octo-sts token that is only scoped to master.

Contributor Checklist

• Format the title according to the contribution guidelines
• Assign the type: and (comp: or inst:) labels in addition to any other useful labels
• Avoid using close, fix, or any linking keywords when referencing an issue
  Use solves instead, and assign the PR milestone to the issue
• Update the CODEOWNERS file on source file addition, migration, or deletion
• Update public documentation with any new configuration flags or behaviors

Jira ticket: [PROJ-IDENT]

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.