feat(toolchains): backport 20260325/20260414 Python toolchains for 2.0.2 (#3708)

[kevinpark1217]

Backports the Python toolchain bumps from #3708 to release/2.0 so the 2.0.x series can pick up the high-severity CVE fixes (CVE-2025-13836, CVE-2026-24049, CVE-2026-23949) described in #3773 without requiring a major-version migration. Adds MINOR_MAPPING entries for 3.10.20, 3.11.15, 3.12.13, 3.13.{12,13}, 3.14.{3,4}, 3.15.0a8 and a new 2.0.2 CHANGELOG.md section.

Before: release/2.0 ships 3.10.19 / 3.11.14 / 3.12.12 / 3.13.11 / 3.14.2, which bundle the vulnerable interpreter + setuptools/pkg_resources.

After: release/2.0 ships the patched 20260325 / 20260414 python-build-standalone archives. CHANGELOG gains a 2.0.2 section.

Commits:

• feat(toolchains): Add 3.10.20, 3.11.15, ... — cherry-pick of feat(toolchains): Add 3.10.20, 3.11.15, 3.12.13, 3.13.{12,13} 3.14.{3,4}, 3.15.0a8 #3708 (6dac0f6d). CHANGELOG.md bullets placed under a new 2.0.2 section instead of Unreleased. The examples/wheel/ hunk is kept verbatim because the new interpreters drop setuptools/pkg_resources, breaking the previously-pinned pypiserver==2.0.1.
• ci: update RBE toolchain version from ubuntu2204 to ubuntu2404 (#3778) — cherry-pick of 32527de8. Needed to unbreak RBE jobs (RBE provider dropped the ubuntu2204 toolchain). MODULE.bazel conflict resolved by taking only the rules_cc 0.1.5 → 0.2.17 bump; the unrelated package_metadata bazel_dep from main is skipped.

Fixes #3773.

[gemini-code-assist]

Code Review

This pull request updates the Python toolchains by adding several new versions (3.10.20, 3.11.15, 3.12.13, 3.13.12, 3.13.13, 3.14.3, 3.14.4, and 3.15.0a8) from the 20260325 and 20260414 releases. It also updates the MINOR_MAPPING to these latest versions and adjusts the get_release_info logic in python/versions.bzl to handle build string formatting for freethreaded platforms based on the release ID. I have no feedback to provide.