Fix CI: ignore CVE-2023-5752

[hugovk]

Not sure what's up with this safety check, we upgrade pip at the very start (it's already on latest 23.3.2) and then it complains about a vulnerability in an older version (23.2.1):

Run pip install --upgrade pip wheel
Requirement already satisfied: pip in /opt/hostedtoolcache/Python/3.12.1/x64/lib/python3.12/site-packages (23.3.2)
...
-> Vulnerability found in pip version 23.2.1
   Vulnerability ID: 62044
   Affected spec: <23.3
   ADVISORY: Pip 23.3 includes a fix for CVE-2023-5752: When installing
   a package from a Mercurial VCS URL (ie "pip install hg+...") with pip...
   CVE-2023-5752
   For more information, please visit
   https://data.safetycli.com/v/62044/f17

https://github.com/python/cherry-picker/actions/runs/7371215995

Anyway, we're not pip installing anything from a Mercurial repo or using this pip version, so let's ignore this warning to fix the CI.

[ezio-melotti]

FWIW I looked into this issue and filed the bug linked above. The TLDR is that there seems to be a .dist-info dir that is left over during the pip update, and this gets detected by safety and reported. This happens in the base image used by the GitHub runners, before anything from our workflows is run.