pex-tool / pex

A tool for generating .pex (Python EXecutable) files, lock files and venvs.
https://docs.pex-tool.org/
Apache License 2.0

Fix `pex3 lock export` handling of exotic reqs. #2423

Closed jsirois closed 3 months ago

jsirois commented 3 months ago

Although Pex supports locking VCS requirements and local project requirements, it does so with a bespoke system for fingerprinting each; as such, the --hashes emitted when exporting lock files containing these types of requirements are not actually usable in practice. Continue to support exporting this class of lock file, but warn of the potential problems and offer a new --format pip-no-hash mode for the daring. In addition, change the requirements output for this class of lock file to match the input requirement for best fidelity when actually attempting to use the resulting exported requirement file without --hashes.

Fixes #2416
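As an added example (not code from this PR or the Pex project), a small checker in the spirit of the warning described above: it reads a pip-style requirements export and reports which entries are VCS or local-project requirements, whose --hash values pip's hash-checking mode has no archive to verify against. The sample file, package names and digests are constructed placeholders.

```python
"""Audit an exported requirements file for --hash entries pip cannot verify.
Added example, not Pex project code: pip hash-checking verifies a downloaded
archive's digest; VCS and local-path requirements have no archive to check."""
import re
from typing import Dict, List

VCS_PREFIXES = ("git+", "hg+", "svn+", "bzr+")
LOCAL_PREFIXES = ("file:", "./", "../", "/")
HASH_RE = re.compile(r"--hash[= ]([A-Za-z0-9]+):([0-9a-fA-F]+)")
COMMENT_RE = re.compile(r"(^|\s)#.*$")  # '#' at line start or after whitespace

def is_vcs_or_local(req: str) -> bool:
    """True when the install target has no downloadable archive for pip to hash."""
    target = req[3:].strip() if req.startswith("-e ") else req
    if " @ " in target:  # PEP 508 direct reference: 'name @ url'
        target = target.split(" @ ", 1)[1].strip()
    return target.startswith(VCS_PREFIXES) or target.startswith(LOCAL_PREFIXES)

def audit(text: str) -> Dict[str, List[str]]:
    """Classify every requirement (backslash continuations are joined first)."""
    report: Dict[str, List[str]] = {"unverifiable": [], "missing_hash": [], "hashed": []}
    for raw in text.replace("\\\n", " ").splitlines():
        line = COMMENT_RE.sub("", raw).strip()
        if not line:
            continue
        hashes = HASH_RE.findall(line)
        req = " ".join(HASH_RE.sub("", line).split())
        if is_vcs_or_local(req):
            report["unverifiable"].append(req)  # hashed or not, pip cannot check it
        elif hashes:
            report["hashed"].append(req)
        else:
            report["missing_hash"].append(req)
    return report

def pip_hash_mode_ok(text: str) -> bool:
    """Would `pip install --require-hashes -r <file>` accept every entry?"""
    report = audit(text)
    return not (report["unverifiable"] or report["missing_hash"])

FAKE = "a" * 64  # placeholder digest, not a real hash
SAMPLE = (  # constructed sample in the shape of a `pex3 lock export` file
    "ansicolors==1.1.8 \\\n"
    f"    --hash=sha256:{FAKE}\n"
    f"example-vcs-pkg @ git+https://example.com/org/pkg.git@v1.0 --hash=sha256:{FAKE}\n"
    f"./local-project --hash=sha256:{FAKE}\n"
    "requests==2.31.0\n"
)
```

Running `audit(SAMPLE)` puts the git and local entries under "unverifiable" even though they carry hashes, which is exactly the situation the warning above is meant to surface.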

jsirois commented 3 months ago

I appreciate any and all reviews as always. That said, in this case, I'll be blocking on your opinion @huonw. There are some eye-of-the-beholder decisions here that I'd like your second eye on.

huonw commented 3 months ago

I've only had a moment for a quick skim but looks reasonable: nice approach with the warning message, and the introduction of --format pip-no-hash seems sensible (and the name looks good: obviously preserving --format pip for backwards compatibility, but even if starting from scratch, seems better to have the "more secure" version as the easier default).

Could you indicate which parts you're thinking are worth particular attention?

jsirois commented 3 months ago

That's it, you covered it all in that paragraph.