Add `pip-lock` extension

[kylewillmon]

Many projects use a loose requirements.txt file. To assist them when using phylum, we need an extension to generate a strict requirements.txt file from that loose one so that it can be submitted to phylum for analysis.

Acceptance Criteria

• [ ] A phylum extension exists that takes a loose requirements.txt formatted file as input (e.g., phylum pip-lock ./requirements.txt)
• [ ] The extension takes into account locally available package/versions when resolving the strict manifest
• [ ] The extension outputs the resultant strict manifest
• [ ] Documentation is created/updated
• [ ] Optional: The extension can take an argument (e.g., --analyze) that will automatically submit the resulting strict manifest for phylum analysis

Notes

• See phylum-dev/community-extensions#8
• Sandboxing could be helpful here as pip install --dry-run still presents some risk.

[furi0us333]

Closing in favor of an existing solution leveraging the pip-tools command, pip-compile. https://pypi.org/project/pip-tools/