core: enable dependency locking

[multun]

Description and goal

Currently, builds of core aren't quite reproducible: if a new version of a dependency is published that matches our version specification, it may cause the build or runtime to fail without notice, nor easy way to understand what happened.

We should instead:

• ensure dependabot supports updating gradle lockfiles
• generate a lock file https://docs.gradle.org/current/userguide/dependency_locking.html
• relax version dependencies: "1" instead of "1.4.2"

Acceptance criteria

A list of conditions which define when this task shall be considered complete

[Khoyo]

This is dependabot's gradle lockfile issue: https://github.com/dependabot/dependabot-core/issues/2222