Improve Dependency Management by removing packages not needed at runtime #3062

@waldemarmeier

Dash runtime requirements include some packages that are not needed at runtime.

See requirements/install.txt

Is your feature request related to a problem? Please describe.
Working in an enterprise setting, there are strict requirements regarding deploying secure software. Reducing the attack surface by installing only essential packages is key. As of now, dash requires some packages to be installed in the runtime environment which are not needed to run the app at all or not in particular / newer Python versions.

Describe the solution you'd like

  1. Leverage PEP-518, which allows removing setuptools as a runtime dependency and adding it as a build-time dependency.
  2. importlib_metadata is sparsely used. Depending on the Python version and features needed for this package, it is not required at all and can be replaced with importlib.metadata, which is included in the Python standard lib (at least for >3.8). Require it only for older Python versions. You can handle whether the version from the standard lib or the installed packages should be used by checking the Python version when the packages are imported. Add e.g. `importlib-metadata ; python_version < 3.9` to the respective requirements file.

         import sys

         # Prefer the standard-library module; fall back to the backport
         # only on interpreters that do not ship importlib.metadata.
         if sys.version_info >= (3, 8):
             import importlib.metadata as importlib_metadata
         else:
             import importlib_metadata

  3. I am pretty sure that the typing_extensions package is not needed for newer Python versions (>=3.10). If you do not leverage runtime type checking you can make it optional. For newer Python versions the types can be imported from the typing package. Additionally, you can leverage the typing.TYPE_CHECKING constant. Again, require it only for older Python versions and check the Python version before importing the package.

Describe alternatives you've considered

No
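An added example (not from the issue or the Dash code base): a standard-library audit that lists declared requirements never imported at runtime, treating imports under `if TYPE_CHECKING:` as not needed at runtime. The sample module, the function names, and the mapping from distribution name to import name (hyphen to underscore, lowercased) are assumptions made for illustration.

```python
import ast

# Constructed sample module (not Dash source) using the patterns from the issue.
SAMPLE = '''
import sys
from typing import TYPE_CHECKING

if sys.version_info >= (3, 8):
    from importlib.metadata import version
else:
    from importlib_metadata import version

if TYPE_CHECKING:
    from typing_extensions import Literal

import flask
'''

def _is_type_checking(test):
    """True for `TYPE_CHECKING` or `typing.TYPE_CHECKING`."""
    return (isinstance(test, ast.Name) and test.id == "TYPE_CHECKING") or (
        isinstance(test, ast.Attribute) and test.attr == "TYPE_CHECKING")

def runtime_imports(source):
    """Top-level package names imported at runtime.

    Version-guarded branches are all counted (conservative); bodies of
    `if TYPE_CHECKING:` are skipped because they never execute.
    """
    found = set()
    def visit(node):
        if isinstance(node, ast.If) and _is_type_checking(node.test):
            for child in node.orelse:  # only the else branch runs at runtime
                visit(child)
            return
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            found.add(node.module.split(".")[0])
        for child in ast.iter_child_nodes(node):
            visit(child)
    visit(ast.parse(source))
    return found

def unused_requirements(declared, source):
    """Declared distributions whose (assumed) import name is never used at runtime."""
    used = runtime_imports(source)
    return sorted(d for d in declared if d.replace("-", "_").lower() not in used)
```

Run over a real package by concatenating or iterating its source files; a distribution reported here is a candidate for removal or for a version-conditional requirement, not proof that it is unused.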

Labels: P2 (considered for next cycle), feature (something new)
