Create `requirements.txt` file to track dependencies

[nhsavage]

@zmaalick - do we need to have a requirements file now we are planning to use conda environments? If not can we close this issue?

[hsteptoe]

This was specifically so we could use github dependency graph features (vulnerability tracking etc.) and for python this needs to be a requirements.txt or pipfile.lock https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems

... but more generally, this is an optional feature...

[zmaalick]

I guess at this stage, we can ignore it or put it in back burner.