Open dwoz opened 3 years ago
For some tasks, there is a library, `requirementslib`, that is safe to import and use.
For the bootstrap side we could either use `subprocess` or even pass the output of `pip --version` to the script and then get the version using something like `regex = re.compile(r"(?:pip )?(?P<version>(?:[\d]+)(?:\.[\d]+)?(?:\.[\d]+)?)(?:.*)?")` and do the comparison.
Description
The maintainers of pip have had a pretty strong stance that pip should not be imported and used programmatically. https://pip.pypa.io/en/stable/user_guide/#using-pip-from-your-program
We should try and comply with their policy. There are only a couple places where we import pip today.
The biggest offender is in `salt/states/pip_state.py`: https://github.com/saltstack/salt/blob/master/salt/states/pip_state.py#L122
It looks like we have enough support in salt.utils to be able to handle the requirements version parsing ourselves. Then we should be shelling out to install the packages. This is a more complete fix to avoid potential breakage in the future; see #60626 and https://github.com/pypa/pip/issues/10212
Another place we are importing pip is in `salt/cloud/deploy/bootstrap-salt.sh`: https://github.com/saltstack/salt/blob/master/salt/cloud/deploy/bootstrap-salt.sh#L2702
From the looks of it, this code is less prone to breakage but we should evaluate if there are any options other than importing pip.
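The approach discussed in this thread (shell out to pip, parse the `pip --version` output, then compare) could look like the sketch below. It is an added example, not code from Salt or pip; the function names and the minimum version are hypothetical. pip runs as a child process with an argument list (no shell), and versions are compared as integer tuples because a string comparison would rank "9.0.1" above "21.2.4".

```python
import re
import subprocess
import sys

# Same shape as the pattern proposed in the thread, written with (?:...) groups.
PIP_VERSION_RE = re.compile(r"(?:pip )?(?P<version>\d+(?:\.\d+)?(?:\.\d+)?)")


def parse_pip_version(output):
    """Return (major, minor, patch) parsed from `pip --version` output, or None."""
    match = PIP_VERSION_RE.match(output.strip())
    if match is None:
        return None
    parts = [int(p) for p in match.group("version").split(".")]
    parts += [0] * (3 - len(parts))  # pad "21.2" to (21, 2, 0)
    return tuple(parts)


def installed_pip_version(python=sys.executable, timeout=30):
    """Ask pip for its version in a child process instead of importing it."""
    try:
        proc = subprocess.run(
            [python, "-m", "pip", "--version"],  # argument list, never shell=True
            capture_output=True, text=True, timeout=timeout, check=False,
        )
    except (OSError, subprocess.TimeoutExpired):
        return None
    if proc.returncode != 0:  # pip missing or broken for this interpreter
        return None
    return parse_pip_version(proc.stdout)


def pip_at_least(minimum, output):
    """True only if the output parses and the version is >= minimum (a tuple)."""
    version = parse_pip_version(output)
    return version is not None and version >= minimum


if __name__ == "__main__":
    # Constructed sample output, not captured from a real host.
    sample = "pip 9.0.1 from /usr/lib/python3/dist-packages/pip (python 3.6)"
    print(parse_pip_version(sample), pip_at_least((20, 0, 0), sample))
    print(installed_pip_version())
```

Unparseable output yields `None`, and `pip_at_least` treats that as not satisfying the requirement, so a failed probe does not pass the check.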