Add Python 3.13 to the testing matrix #127

Merged
merged 8 commits into from
Jun 30, 2024


ezio-melotti

This PR adds Python 3.13 to the testing matrix.

It works out of the box on the Ubuntu builders, but it failed on Windows and macOS because cffi failed to build.

There is currently a cffi rc release that is compatible with 3.13. When I added that, all tests passed.
Once a final release is out, the explicit cffi dep can be removed. I added a comment as a reminder.

I would merge this now so that we can start testing on 3.13.
@dependabot should create a PR once a new version of cffi is out, reminding us to remove it.

ezio-melotti added the enhancement and dependencies labels Jun 30, 2024
ezio-melotti requested a review from hugovk June 30, 2024 02:47

ezio-melotti commented Jun 30, 2024

This seems to fail due to an unrelated issue reported by safety:

-> Vulnerability found in jinja2 version 3.1.4
   Vulnerability ID: 70612
   Affected spec: >=0
   ADVISORY: In Jinja2, the from_string function is prone to Server
   Side Template Injection (SSTI) where it takes the "source" parameter as...
   CVE-2019-8341
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/70612/97c
   To ignore this vulnerability, use PyUp vulnerability id 70612 in safety’s
   ignore command-line argument or add the ignore to your safety policy file.

3.1.4 is currently Jinja's latest release, so it might take a while before the issue is fixed and the fix released.
However, Jinja is not a cherry-picker dependency but a safety one, so technically it can be ignored.

See also the upstream issue:

ezio-melotti merged commit d92a153 into python:main Jun 30, 2024
25 checks passed
ezio-melotti deleted the add-py313 branch July 1, 2024 07:36