fix(venv): use only the vendored uv, drop system-PATH fallback

_uv_bin no longer falls back to a uv found on PATH. The uv PyPI package is a
declared dependency and is always present in our install (including Docker),
so the analyzer should use that pinned, vendored binary rather than whatever
uv happens to be on the user's PATH. Returns None only if the package is
missing, in which case callers fall back to pip.

Author: rahlk

codeanalyzer/core.py

@@ -238,15 +238,16 @@ def _get_base_interpreter() -> Path:
 
     @staticmethod
     def _uv_bin() -> Optional[str]:
-        """Path to a uv binary: the one bundled with the ``uv`` PyPI package (a
-        dependency, so normally always present -- including inside a Docker image),
-        else a uv on PATH, else ``None`` (callers fall back to pip)."""
+        """Path to the uv binary bundled with the ``uv`` PyPI package (a declared
+        dependency, so always present in our install -- including inside a Docker
+        image). We deliberately ignore any uv on PATH so the analyzer always uses
+        the pinned, vendored uv. Returns ``None`` only if the package is somehow
+        missing (callers fall back to pip)."""
         try:
             from uv import find_uv_bin
-
             return str(find_uv_bin())
         except Exception:
-            return shutil.which("uv")
+            return None
 
     def _install_into_venv(self, venv_python: Path, args: List[str]) -> None:
         """Install packages into the target venv, preferring uv for speed (parallel