move `make update-pip-requirements` back into development containers

[cfm]

After I initially reviewed #7234, @legoktm added in https://github.com/freedomofpress/securedrop/issues/7234#issuecomment-2402639037:

I'm gonna make one change, we don't actually need to run this in the container anymore, so it'll be even faster.

I didn't retest with that change, and we've just discovered why I should have: without the container, the available system Python is what's used to build packages, and apxs is required from the apache2-dev package. @legoktm thinks these are reasons to move make update-pip-requirements back into the development containers after all.

[legoktm]

apxs is just its own weird thing that we need to handle, but the funny thing is if we embraced uv even farther, it could automatically download Python 3.8 for us if missing instead of falling back to whichever system Python is available.

Maybe there's a fast path of like, if you have everything we need, skip the container. But probably not worth the extra hassle/logic.