Use a lock file #62
Description
Many modern package managers use lock files (e.g. cargo, pipenv, lazy.nvim, etc.), to prevent dependency hell issues.
It has happened quite a bunch of times to me that a call to bootstrap does not work, because of a python dependency issue.
If waft would use a lock file, then we should be able to prevent dependency issues out of nowhere (except for when you need to change something about which python packages are installed of course).
Here is something I did for an Odoo build environment I made myself: https://github.com/bamidev/wax/blob/master/flake.nix#L229
Basically it uses pip freeze and stores the output in the lock file, so that you can install that instead of the requirements(-default).txt.
You could do something like that as well maybe.