SK-2934 remove unused dependency#311

Open
skyflow-bharti wants to merge 4 commits into
release/26.6.1from
SK-2934-dependency-upgrades-skyflow-i-os

Conversation

@skyflow-bharti

Collaborator

Why

  • Three CI CVEs reported: CVE-2023-45133 (Babel, CRITICAL), CVE-2024-21538 (cross-spawn, HIGH), CVE-2026-33210 (Ruby json gem, CRITICAL)
  • CodeQL scanning broken since March 2025 — codeql-action@v2 was EOL'd by GitHub
  • AEXML declared as a dependency but never used — dead import adding unnecessary supply chain surface
  • Podspec had stale swift_version = '4.2' and ios.deployment_target = '9.0'

Goal

  • CI pipeline free of the three reported CVEs
  • CodeQL Swift scanning restored
  • AEXML fully removed from Client.swift, Package.swift, and Skyflow.podspec
  • Podspec updated to iOS 13.0 / Swift 5.0
  • All actions/checkout and actions/upload-artifact on current major versions

Testing

  • No runtime behaviour changed — AEXML had zero API usage, confirmed via full source grep
  • Existing test suite covers Client and will catch any regression
  • Deployment target bump (9.0 → 13.0) is a minor breaking change for iOS 9–12 consumers; negligible real-world impact

Tech debt

  • Addressing: removes a long-standing dead import and stale Podspec metadata
  • Adding: SHA-pinning of GitHub Actions still outstanding — follow-up task
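As an added example (not code from this PR or from the Skyflow SDK), a small Python check for the "declared but never imported" condition the description relies on: it parses a constructed Package.swift excerpt and a constructed set of Swift sources, ignores mentions inside comments, and reports every declared dependency that no source file actually imports. It assumes the last path component of the package URL equals the module name, which is not guaranteed for every package.

```python
"""Report Swift package dependencies that no source file imports (dead supply-chain surface)."""
import re

# Constructed sample manifest (NOT the real Skyflow Package.swift): two declared
# dependencies, only one of which the sources below import.
PACKAGE_SWIFT = '''
// swift-tools-version:5.0
import PackageDescription
let package = Package(
    name: "Skyflow",
    dependencies: [
        .package(url: "https://github.com/tadija/AEXML.git", from: "4.6.0"),
        .package(url: "https://github.com/example/SomeLib.git", from: "1.0.0"),
    ],
    targets: [
        .target(name: "Skyflow", dependencies: ["AEXML", "SomeLib"]),
    ]
)
'''

# Constructed sample sources: SomeLib is imported, AEXML only appears in a comment.
SOURCES = {
    "Sources/Skyflow/Client.swift": "import Foundation\nimport SomeLib\n\nclass Client {}\n",
    "Sources/Skyflow/Util.swift": "import Foundation\n// AEXML mentioned only in a comment\n",
}

# Last path component of the package URL, with an optional trailing ".git" stripped.
DEP_RE = re.compile(r'\.package\(url:\s*"[^"]*/([^/"]+?)(?:\.git)?"')
# A real import statement at the start of a line (after comment stripping).
IMPORT_RE = re.compile(r'^\s*import\s+([A-Za-z_][A-Za-z0-9_]*)', re.M)


def declared_dependencies(manifest):
    """Package names declared via `.package(url: ...)` (assumed to equal the module name)."""
    return set(DEP_RE.findall(manifest))


def imported_modules(sources):
    """Module names imported by any source file; `//` comments are removed first."""
    mods = set()
    for text in sources.values():
        code = re.sub(r'//[^\n]*', '', text)
        mods.update(IMPORT_RE.findall(code))
    return mods


def unused_dependencies(manifest, sources):
    """Sorted list of declared dependencies that no source file imports."""
    return sorted(declared_dependencies(manifest) - imported_modules(sources))


if __name__ == "__main__":
    for dep in unused_dependencies(PACKAGE_SWIFT, SOURCES):
        print(f"declared but never imported: {dep}")
```

Running it against a real checkout means reading Package.swift and walking the Sources tree into the same two inputs; a hit should still be confirmed by hand, since a dependency can also be pulled in transitively or via a product whose name differs from the package name.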

@github-actions


Gitleaks Findings: No secrets detected. Safe to proceed!

@skyflow-bharti skyflow-bharti changed the base branch from main to release/26.6.1 June 25, 2026 14:50