Pin hashes in requirements

[matmair]

This PR introduces requirement hash pinning. This secures against supply chain attacks in which dependencies are replaced with malicious versions.
It also switches workflows over to use a requirement files.

[netlify]

✅ Deploy Preview for inventree-web-pui-preview canceled.

Name	Link
🔨 Latest commit	bd30d62
🔍 Latest deploy log	https://app.netlify.com/sites/inventree-web-pui-preview/deploys/66274a857fc3730008e51821

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.37%. Comparing base (3e52e5f) to head (bd30d62).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7081   +/-   ##
=======================================
  Coverage   83.37%   83.37%           
=======================================
  Files        1039     1039           
  Lines       45731    45731           
  Branches     1279     1279           
=======================================
  Hits        38129    38129           
  Misses       7329     7329           
  Partials      273      273           

Flag	Coverage Δ
backend	85.46% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[SchrodingersGat]

Why does each package get multiple hashes in the requirements file?

[matmair]

@SchrodingersGat it dependes on how many files/distributions are offered, this can be seen on Pypi itself too:https://pypi.org/project/certifi/#copy-hash-modal-205cb7d5-a79a-4f73-aeb7-f5c1c778db8c

[matmair]

Most packages nowaday release 2 files: a source tarball and a wheel (that is a pre-build distribution format)

[SchrodingersGat]

Ok! Please fix the conflict and I'll merge straight away

[matmair]

@SchrodingersGat mergefix is in