…#281)

The previous patch (commit df13783) pinned pygments<2.20 to work
around the mkdocs strict-build crash. That pin reverted a security
fix: pygments 2.20.0 ships the HTML-formatter hardening from
pygments/pygments#3071 ("Harden the HTML formatter against CSS"),
which pymdownx.highlight tripped only because it was passing
filename=None under a specific config path.

Correct root cause, traced through pymdownx/highlight.py:

- Line 392-396: `title` stays None when `auto_title` is off AND no
  explicit title attribute is set on the fenced block.
- Line 410: `filename=title if not inline else ""`.
- Line 179: `HtmlFormatter.__init__(self, **options)` with filename=None.
- pygments 2.20.0 HtmlFormatter.__init__ line 434 now calls
  `html.escape(...)` on the value directly; None is no longer tolerated.

Fix: set `auto_title: true` on the pymdownx.highlight extension in
mkdocs.yml. This guarantees `title` is auto-generated from the lexer
name (never None), so `filename` reaches HtmlFormatter as a string, and
the pygments 2.20.0 hardening check is satisfied.

Reverts the pyproject.toml / requirements-docs.txt pygments pin added
by df13783. pygments upgrades cleanly via `uv lock --upgrade-package
pygments`; 2.20.0 restored. Verified:

  $ uv run mkdocs build --strict
  INFO -  Documentation built in 2.21 seconds

Security hardening retained. Correct fix for the class of failure is
"always pass a valid filename," not "pin to the pre-hardening version."

Closes #281