chore: harden Gradle dependency reproducibility

feat: enable Gradle dependency locking for all configurations
feat: enforce strict lock-state usage in the build
feat: centralize repository declaration in settings.gradle
feat: enable strict Gradle dependency verification via gradle.properties
feat: add committed dependency lock state and verification metadata
fix: defer mockito agent resolution to test execution phase for locked builds
ci: validate reproducibility inputs before workflow builds
ci: include lock and verification inputs in workflow change detection
docs: establish explicit dependency update workflow for locks and verification metadata
2026-04-15 22:33:48 +02:00
parent 2288852300
commit 558707d78e
10 changed files with 1830 additions and 6 deletions


@@ -41,8 +41,10 @@ tasks.withType(JavaCompile).configureEach {
options.release = 21
}
repositories {
mavenCentral()
dependencyLocking {
lockAllConfigurations()
lockMode = LockMode.STRICT
}
dependencies {
@@ -94,10 +96,13 @@ dependencyCheck {
tasks.withType(Test).configureEach {
useJUnitPlatform()
jvmArgs += "-javaagent:${configurations.mockitoAgent.singleFile}"
doFirst {
jvmArgs "-javaagent:${configurations.mockitoAgent.singleFile}"
}
finalizedBy(tasks.named('jacocoTestReport'))
reports {
junitXml.required = true
html.required = true