Add support for searching Python dependencies with `poetry.lock`

Created by: tsenart

• Implement Python packages integration (ala NPM) with pypi.org
  • PyPi JSON API: https://wiki.python.org/moin/PyPIJSON
  • curl -vL https://pypi.org/pypi/requests/json | jq . | less
• Add poetry.lock parser to https://sourcegraph.com/github.com/sourcegraph/sourcegraph/-/tree/internal/codeintel/lockfiles
• Support more lockfiles, such as
  • pipfile.lock (pipenv)
  • [ ] pip (requirements.txt)
• Make wheel selection more deterministic
• [ ] Support more packages types, such as tar.*
• Add tests for vcs syncer and Python Source in repoUpdater.

Notes:

• Pypi.org serves wheels/eggs (built distribution) and archives (source distribution). eggs are considered deprecated but they still might occur.
• For each version, packages can have wheels or archives or both.
• Wheels are platform dependent, archives are not.
• Archives can be in various formats Examples:
  • grpc package only has tarball, no wheels
• Proposal for tarball vs. wheel:
  • pick tarball at the correct version
  • fall back to wheel based on a priority list of distributions if tarball is not availble.
    • alternative: pick first wheel
• Versioning scheme: https://peps.python.org/pep-0440/