
Bump Rails to 7.2.3.1 for Active Support / Action View security advisories #7

Open

Micaherb wants to merge 2 commits into main from Micaherb/dependabot-issues-update

Conversation


@Micaherb Micaherb commented Jun 2, 2026

Summary

Clears all 5 open Dependabot alerts on this fork via a single bundle bump.

| # | Package | Severity | Fix |
|---|---------|----------|-----|
| 21 | rack-session | critical | 2.1.1 → 2.1.2 — Rack::Session::Cookie secrets decrypt-failure fallback enables secretless session forgery + Marshal deserialization (GHSA-78j9-66rq-3p98). Pulled in transitively by actionpack 7.2.3.1. |
| 7 | activesupport | medium | 7.1.5.2 → 7.2.3.1 — DoS in number helpers (GHSA-pj4j-9f6q-rh9c) |
| 6 | activesupport | medium | 7.1.5.2 → 7.2.3.1 — ReDoS in number_to_delimited (GHSA-7q67-mfvx-9pg5) |
| 5 | activesupport | medium | 7.1.5.2 → 7.2.3.1 — SafeBuffer#% XSS (GHSA-c8v4-25w4-c8cv) |
| 4 | actionview | low | 7.1.5.2 → 7.2.3.1 — Action View tag helpers XSS (GHSA-r7p8-r9hf-mqrm) |

The Rails patches were only released on the 7.2.x line (7.2.3.1), so all Rails subcomponents in Gemfile.lock move from 7.1.5.2 to 7.2.3.1. No backport exists in 7.1.x.

Notes

  • Adds an explicit floor in the root Gemfile (`gem "railties", "~> 7.2.3", ">= 7.2.3.1"`) so future `bundle update` runs can't regress below the patched version.
  • solid_queue.gemspec still declares railties >= 7.1, so consumers of the gem are not forced to 7.2.
  • The Appraisal matrix (rails_7_1 / 7_2 / 8_0 / 8_1 / main) is unaffected — appraisal sub-gemfiles only use `gemspec path: "../"` and don't inherit the root Gemfile's constraints.
  • Transitive bumps from the Rails 7.2 dep tree: loofah 2.23.1 → 2.25.1, rails-html-sanitizer 1.6.2 → 1.7.0, rails-dom-testing 2.2.0 → 2.3.0, rackup 2.2.1 → 2.3.1; new transitives cgi, tsort, useragent; mutex_m dropped (no longer required).

Test plan

  • CI green across the full appraisal matrix (rails 7.1 / 7.2 / 8.0 / 8.1 / main × mysql / postgres / sqlite). Note: the base branch is flaky on a handful of timing-sensitive integration tests (ContinuationTest, BatchLifecycleTest, ConcurrencyControlsTest) — those failures are not introduced by this PR.
  • Dependabot alerts auto-close after merge
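A way to check the two claims above mechanically, as an added example that is not part of the PR or of solid_queue's own code: the script below parses the `specs:` block of a Gemfile.lock, reports any gem resolved below the patched floor named in the advisory table, and evaluates the `"~> 7.2.3", ">= 7.2.3.1"` railties constraint against a few candidate versions. The two lockfile fragments are constructed for the example (they are not the fork's real Gemfile.lock), and the floor table is taken from the PR's advisory table rather than from any Dependabot API.

```ruby
# Added example, not code from the PR or from solid_queue: verify that the
# resolved versions in a Gemfile.lock clear the patched floors, and show
# what the railties floor added to the root Gemfile accepts and rejects.
require "rubygems"

# Minimum versions that clear the advisories listed in the PR table.
PATCHED_FLOORS = {
  "activesupport" => "7.2.3.1",
  "actionview"    => "7.2.3.1",
  "actionpack"    => "7.2.3.1",
  "rack-session"  => "2.1.2",
}.freeze

# The floor the PR adds: gem "railties", "~> 7.2.3", ">= 7.2.3.1"
RAILTIES_FLOOR = Gem::Requirement.new("~> 7.2.3", ">= 7.2.3.1")

# Constructed lockfile fragments (assumption: not the real project lockfile),
# one resembling the tree before the bump and one after it.
LOCK_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.1.5.2)
        activesupport (= 7.1.5.2)
        rack-session (>= 1.0.1)
      actionview (7.1.5.2)
      activesupport (7.1.5.2)
      nokogiri (1.16.0-x86_64-linux)
      rack-session (2.1.1)
LOCK

LOCK_AFTER = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.2.3.1)
        activesupport (= 7.2.3.1)
        rack-session (>= 1.0.1)
      actionview (7.2.3.1)
      activesupport (7.2.3.1)
      nokogiri (1.16.0-x86_64-linux)
      rack-session (2.1.2)
LOCK

# Parse the `specs:` block into {name => Gem::Version}. Resolved specs sit
# at a 4-space indent as "name (version)"; their dependency lines sit at
# 6 spaces and are skipped. A platform suffix such as "1.16.0-x86_64-linux"
# is dropped because Gem::Version would otherwise read it as a prerelease
# and sort it below 1.16.0, producing a false "vulnerable" result.
def resolved_versions(lockfile_text)
  in_specs = false
  lockfile_text.each_line.with_object({}) do |line, out|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if in_specs && line !~ /\A\s{4}/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/))
      version = m[2].split("-", 2).first
      out[m[1]] = Gem::Version.new(version)
    end
  end
end

# Return [name, resolved, required] for each gem resolved below its floor.
def below_floor(lockfile_text, floors = PATCHED_FLOORS)
  versions = resolved_versions(lockfile_text)
  floors.each_with_object([]) do |(name, min), out|
    resolved = versions[name]
    next if resolved.nil? # gem absent from this lockfile
    out << [name, resolved.to_s, min] if resolved < Gem::Version.new(min)
  end
end

# Does the root Gemfile floor admit this railties version?
def railties_floor_allows?(version)
  RAILTIES_FLOOR.satisfied_by?(Gem::Version.new(version))
end

if __FILE__ == $0
  puts "before bump: #{below_floor(LOCK_BEFORE).inspect}"
  puts "after bump:  #{below_floor(LOCK_AFTER).inspect}"
  %w[7.2.3 7.2.3.1 7.2.9 7.3.0 8.0.1].each do |v|
    puts "railties #{v} allowed by floor: #{railties_floor_allows?(v)}"
  end
end
```

Two details worth noticing: the floor rejects 7.2.3 itself (the `>= 7.2.3.1` clause) and also rejects 7.3.0 and 8.x (the `~> 7.2.3` clause), which is exactly why it matters that the Appraisal sub-gemfiles do not inherit the root Gemfile, or the rails_8_0 / rails_8_1 / main entries in the matrix would stop resolving. The platform-suffix handling is the kind of edge case that quietly breaks lockfile audits written with a naive version comparison.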

@Micaherb Micaherb force-pushed the Micaherb/dependabot-issues-update branch from befc879 to ff124eb Compare June 2, 2026 14:44
@Micaherb Micaherb changed the title from "Bump Rails to 7.2.3.1 and rack-session to 2.1.2 for security advisories" to "Bump Rails to 7.2.3.1 for Active Support / Action View security advisories" Jun 2, 2026
@Micaherb Micaherb changed the base branch from main to batch-rc-2-on-v1.4.0 June 2, 2026 14:44
…ories

Clears all 5 open Dependabot alerts on this fork:

Rails (activesupport / actionview / actionpack / activerecord /
activejob / activemodel / railties) 7.1.5.2 -> 7.2.3.1
- GHSA-pj4j-9f6q-rh9c (medium): Active Support DoS in number helpers
- GHSA-7q67-mfvx-9pg5 (medium): Active Support ReDoS in number_to_delimited
- GHSA-c8v4-25w4-c8cv (medium): Active Support SafeBuffer#% XSS
- GHSA-r7p8-r9hf-mqrm (low):    Action View tag helpers XSS

rack-session 2.1.1 -> 2.1.2 (pulled in transitively by the new actionpack)
- GHSA-78j9-66rq-3p98 (critical): Rack::Session::Cookie secrets
  decrypt-failure fallback enables secretless session forgery and
  Marshal deserialization

The patches were only released on the 7.2.x line; no backport exists
in 7.1.x.

Pins railties to ~> 7.2.3 (>= 7.2.3.1) in the Gemfile so future bundle
updates can't regress below the patched floor. The gemspec keeps
railties >= 7.1, so consumers of the gem are unaffected and the
appraisal matrix (rails-7-1 / 7-2 / 8-0 / 8-1 / main) still resolves
independently.
@Micaherb Micaherb force-pushed the Micaherb/dependabot-issues-update branch from ff124eb to bca2120 Compare June 2, 2026 17:21
@Micaherb Micaherb changed the base branch from batch-rc-2-on-v1.4.0 to main June 2, 2026 17:21
