Add dependency pinning with pip-tools

Martin Morgenstern requested to merge 541-dependency-pinning into master

This MR adds pinning of dependencies to achieve reproducible builds, especially in the CI pipeline. It does not yet introduce full reproducibility, because the e2e environment has not been worked on in this MR. This will be tracked in #554.

The first few commits clean up and reorganize the existing dependency declarations for krake, rok and rak, and switch from the old setup.py approach to the modern pyproject.toml (which is a drop-in replacement).

These pyproject.toml files contain abstract requirements which are "compiled" into concrete requirements.txt files with the help of new tox tasks (e.g., tox run -m requirements).

There are different sets of compiled dependencies depending on the targeted Python release and selected package extras such as test. Every concrete requirement file has a file header which documents how it was compiled.

The remaining commits deal with the integration of the dependency pinning into the tests, Krake docker image build, and CI pipeline. The key ingredient here is to use pip install with the --no-deps flag followed by a pip check, which make the builds fail if the concrete requirements are incomplete.

I also created concrete requirements for Python tools that are used in the CI pipeline (linting, documentation generation and code coverage).

Furthermore, I added a new page to the developer documentation. It explains this new setup and how the concrete requirements can be managed.

Closes: #541 (closed)

Signed-off-by: Martin Morgenstern <martin.morgenstern@cloudandheat.com>

Edited by Martin Morgenstern
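
A pre-install gate for the compiled requirement files described above, as an added example that is not part of the merge request or the Krake code base: because pip install --no-deps installs exactly what the file lists, it flags every entry that is not an exact == pin before the install and pip check steps run. The sample file, its header layout (assumed to follow pip-compile's default output) and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of pip-compile output; not a file from the MR.
SAMPLE = """\
#
# This file is autogenerated by pip-compile with Python 3.10
# by the following command:
#
#    pip-compile --extra=test --output-file=requirements-test.txt pyproject.toml
#
aiohttp==3.8.5
    # via example-app (pyproject.toml)
attrs==23.1.0 \\
    --hash=sha256:0000
    # via aiohttp
multidict>=6.0
-e ./local-package
yarl
"""

# name, optional [extras], exact == version (no wildcard), optional ; marker
PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[^\s;*]+(\s*;.*)?$")

def logical_lines(text):
    """Yield (first_line_no, entry): continuations joined, comments dropped."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        entry = re.sub(r"(^|\s)#.*$", "", buf + line).strip()
        buf = ""
        if entry:
            yield start, entry

def unpinned(text):
    """Return (line_no, entry) for each entry that is not an exact == pin."""
    problems = []
    for no, entry in logical_lines(text):
        # Hash options belong to the pin; option lines such as -e are reported.
        req = re.sub(r"\s--hash=\S+", "", entry).strip()
        if not PIN.match(req):
            problems.append((no, req))
    return problems
```

A CI job can fail when unpinned() returns a non-empty list for any compiled file.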
