atsign-foundation / dess

The Distributed Edge Secondary Server (dess) - the self-hosted atServer installer
https://docs.atsign.com
BSD 3-Clause "New" or "Revised" License

pip can no longer be used to install system packages on Debian 12 and derivatives #89

Open cpswan opened 1 year ago

cpswan commented 1 year ago

Describe the bug

We presently use pip3 install docker-compose; to install docker-compose on Arm systems, but this will no longer work in the latest Raspberry Pi OS or anything else based on Debian 12 'Bookworm'.

error: externally-managed-environment

× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
    python3-xyz, where xyz is the package you are trying to
    install.

    If you wish to install a non-Debian-packaged Python package,
    create a virtual environment using python3 -m venv path/to/venv.
    Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
    sure you have python3-full installed.

    If you wish to install a non-Debian packaged Python application,
    it may be easiest to use pipx install xyz, which will manage a
    virtual environment for you. Make sure you have pipx installed.

    See /usr/share/doc/python3.11/README.venv for more information.

note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.

Steps to reproduce

  1. First I sign into a Debian 12 based system
  2. Then I apt install -y python3-pip
  3. And then pip3 install docker-compose

Expected behavior

We should be able to install docker-compose using the system package manager, and fall back to downloading a (more recent) release.

Additional context

We presently use:

compose_url="https://github.com/docker/compose/releases/download/1.29.2", which is way out of date (10 May 2021).

The latest releases (18 Oct 2023) have binaries for Linux (aarch64, armv7 and x86_64) and Mac (aarch64 and x86_64).

cpswan commented 1 year ago

We get a scorecard ding for that un-sha'd pip3 install https://github.com/atsign-foundation/dess/security/code-scanning/3
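
The fallback the issue asks for, with the download pinned and hash-checked so that it does not repeat the un-hashed install mentioned in the last comment. This is an added example, not part of the thread or of dess's own scripts; the `docker-compose` apt package name, the release asset names, the `vX.Y.Z` tag and the empty digest are assumptions or placeholders to fill in.

```shell
#!/bin/sh
# Added example, not dess code. Version tag and digest are placeholders.
COMPOSE_VERSION="${COMPOSE_VERSION:-vX.Y.Z}"  # placeholder: pin a real release tag
COMPOSE_SHA256="${COMPOSE_SHA256:-}"          # placeholder: digest of your arch's asset
COMPOSE_BASE="https://github.com/docker/compose/releases/download"

# Map `uname -m` output to a release asset name (names assumed from the
# docker/compose v2 release page; check them against the tag you pin).
compose_asset_for_arch() {
  case "$1" in
    x86_64|amd64)  echo "docker-compose-linux-x86_64" ;;
    aarch64|arm64) echo "docker-compose-linux-aarch64" ;;
    armv7l|armv7)  echo "docker-compose-linux-armv7" ;;
    *) return 1 ;;
  esac
}

# Succeed only if the file's SHA-256 equals the pinned digest.
# An empty or malformed pin is a failure (status 2), never a pass.
verify_sha256() {
  _want="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  printf '%s' "$_want" | grep -Eq '^[0-9a-f]{64}$' || return 2
  _got="$(sha256sum "$1" | cut -d' ' -f1)"
  [ "$_got" = "$_want" ]
}

install_compose() {
  # 1. Prefer the distribution package (package name is an assumption).
  if apt-get install -y docker-compose; then return 0; fi
  # 2. Fall back to the pinned release binary, verified before install.
  _asset="$(compose_asset_for_arch "$(uname -m)")" || {
    echo "unsupported architecture: $(uname -m)" >&2; return 1; }
  _tmp="$(mktemp)"
  curl -fsSL -o "$_tmp" "${COMPOSE_BASE}/${COMPOSE_VERSION}/${_asset}" || {
    rm -f "$_tmp"; return 1; }
  if ! verify_sha256 "$_tmp" "$COMPOSE_SHA256"; then
    echo "checksum mismatch or missing pin for ${_asset}; not installing" >&2
    rm -f "$_tmp"; return 1
  fi
  install -m 0755 "$_tmp" /usr/local/bin/docker-compose && rm -f "$_tmp"
}

# Act only when asked, so the file can be sourced without side effects.
if [ "${1:-}" = "--install" ]; then install_compose; fi
```

Run it as root with `--install` after setting `COMPOSE_VERSION` and `COMPOSE_SHA256`; with the digest left empty the fallback refuses to install rather than trusting the download.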