fix: Ignore tarfile symlink vulnerability in pip-audit

GHSA-4xh5-x5gv-qwph
pypa/pip#13607

As we're not affected, this seems to be the most
pragmatic approach for this curveball.

Author: dannyadair

.github/workflows/pip-audit.yaml

@@ -23,9 +23,6 @@ jobs:
           echo "VIRTUAL_ENV=$PWD/.venv" >> $GITHUB_ENV
           echo "$PWD/.venv/bin" >> $GITHUB_PATH
           uv sync --dev
-      - name: Upgrade pip in venv
-        run: |
-          python -m pip install --upgrade pip
       - name: Run pip-audit
         run: |
-          pip-audit
+          pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph