build requirements: colorama grew a new build-time dependency :/

or more like four:
```
$ pipdeptree
hatchling==1.11.1
  - editables [required: >=0.3, installed: 0.3]
  - packaging [required: >=21.3, installed: 21.3]
    - pyparsing [required: >=2.0.2,!=3.0.5, installed: 3.0.9]
  - pathspec [required: >=0.10.1, installed: 0.10.1]
  - pluggy [required: >=1.0.0, installed: 1.0.0]
  - tomli [required: >=1.2.2, installed: 2.0.1]
```

Let's monitor how the situation evolves, and whether other packages start requiring hatchling,
but for now I am not going to add four new packages into the trusted base set...
Pinning colorama to an older version for now.

related:
https://github.com/tartley/colorama/pull/338
https://github.com/tartley/colorama/issues/349

contrib/requirements/requirements-build-android.txt

@@ -9,7 +9,8 @@ sh
 
 # needed by python-for-android:
 appdirs
-colorama>=0.3.3
+# colorama upper bound to avoid needing hatchling
+colorama>=0.3.3,<0.4.6
 jinja2
 sh>=1.10
 pep517

contrib/requirements/requirements-hw.txt

@@ -15,3 +15,8 @@ pyserial>=3.5.0,<4.0.0
 # prefer older protobuf (see #7922)
 # (pulled in via e.g. keepkey and bitbox02)
 protobuf>=3.12,<4
+
+# prefer older colorama to avoid needing hatchling
+# (pulled in via trezor -> click -> colorama)
+# (pulled in via safet -> click -> colorama)
+colorama<0.4.6