
Warn against using pip with test.pypi.org

Open mechsin opened this issue 1 year ago • 0 comments

I had filed an issue over on the packaging-problems project, and as part of resolving that @sinoroc requested that I file a documentation issue over here.

Looking specifically at the guidance on the URL below.

https://packaging.python.org/en/latest/guides/using-testpypi/#using-testpypi-with-pip

This section advocates that users test downloading their package from test.pypi.org using pip and the --index-url argument. @sinoroc pointed out that if your package pulls dependencies, it might pull unsavory packages typosquatting on test.pypi.org.

@sinoroc indicated that test.pypi.org should not be used for testing pip. As a novice package publisher (this is my first public package), I would defer to the PyPA community, but I see @sinoroc's point.

Depending on the community opinion, I would suggest at minimum adding a warning that downloading from test.pypi.org could be hazardous for your health, with some reasoning. Or, if community agreement is unanimous that this is not an approved use of PyPI, you could omit the section completely, although it is probably best to keep the section but to just reduce it to a strongly worded warning that using pip against test.pypi.org is not advised, again with some reasoning.

This is the original ticket, for reference, of the original conversation: packaging-problems #725

mechsin Feb 16 '24 00:02
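The risk described in this issue is a property of the pip command line, so it can be caught before the command runs. The following is an added example of a CI or pre-commit guard (not code from the packaging.python.org guide, the PyPA, or the issue author) that flags `pip install`/`pip download` invocations which let pip resolve dependencies from test.pypi.org; the `TEST_PYPI_HOSTS` set and the accepted-invocation rules are this example's own assumptions.

```python
"""Flag pip invocations that would resolve dependencies from test.pypi.org.

Assumed rule: pointing --index-url (or --extra-index-url) at TestPyPI is
only acceptable together with --no-deps, so that TestPyPI serves just the
one package under test and its dependencies are installed from pypi.org in
a separate step. Adding --extra-index-url https://pypi.org/simple/ is not
a fix on its own: pip treats every configured index as equally trusted and
takes the highest version it finds on any of them.
"""
import shlex
from urllib.parse import urlparse

# Hostnames treated as the unprotected test index (assumption for this guard).
TEST_PYPI_HOSTS = {"test.pypi.org"}


def _hosts_for(args, flags):
    """Hostnames passed to any of `flags`, in '--flag URL' or '--flag=URL' form."""
    hosts = []
    for i, arg in enumerate(args):
        for flag in flags:
            if arg == flag and i + 1 < len(args):
                hosts.append(urlparse(args[i + 1]).hostname)
            elif arg.startswith(flag + "="):
                hosts.append(urlparse(arg.split("=", 1)[1]).hostname)
    return [h for h in hosts if h]


def check_pip_command(cmd):
    """Return (ok, reason) for a single pip command line."""
    args = shlex.split(cmd)
    # Both subcommands run dependency resolution against the configured indexes.
    if not any(sub in args for sub in ("install", "download")):
        return True, "not a resolving pip command"
    index_hosts = _hosts_for(args, ("--index-url", "-i"))
    extra_hosts = _hosts_for(args, ("--extra-index-url",))
    if not any(h in TEST_PYPI_HOSTS for h in index_hosts + extra_hosts):
        return True, "no TestPyPI index configured"
    if "--no-deps" in args:
        return True, ("TestPyPI limited to the requested package; "
                      "install its dependencies from pypi.org in a second step")
    if extra_hosts and not any(h in TEST_PYPI_HOSTS for h in index_hosts):
        return False, ("TestPyPI as --extra-index-url: pip may still choose a "
                       "TestPyPI release of any dependency")
    return False, ("TestPyPI as --index-url without --no-deps: dependencies "
                   "are resolved from TestPyPI, where names are unprotected")
```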