
deps: Move matplotlib dependency to extras

Open philippefutureboy opened this issue 8 months ago • 5 comments

Hello @MaartenGr!

Two high severity security alerts in pillow 9.50.0, a dependency of matplotlib, have been brought to our attention by dependabot:

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to https://github.com/advisories/GHSA-hhrh-69hc-fgg7 (previously https://github.com/advisories/GHSA-j7hp-h8jx-5ppr). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Investigating further, we realized that we do not use pillow; nor do we use matplotlib. We found our only dependency relying on matplotlib was polyfuzz, and we do not use the functionality provided by this dependency.

Would you be willing to make matplotlib an optional dependency? It seems to be only required by the visualize_precision_recall function in https://github.com/MaartenGr/PolyFuzz/blob/e7540030d6dddc64bdb94c474ed6360dd7a5cdf7/polyfuzz/metrics.py#L56 .

I don't know what your end user usage of this function is like, but on our end we do not use it (we primarily use polyfuzz to catch duplicate strings in user-managed datasets), and as such having matplotlib and its entire dependency tree to manage in our already large dependency array is something we'd rather not have to do 😅

So what do you say? :)

Thanks a lot! (And thanks for this fantastic package ;))

Cheers! Philippe

philippefutureboy Oct 26 '23 01:10
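The pattern the issue asks for, shown as an added example that is not part of the issue thread or of PolyFuzz's own code: the metric computation stays pure Python, and matplotlib is imported lazily inside the plotting function, so the core package installs and imports without pulling in matplotlib (and transitively pillow and its bundled libwebp). The extra name `plot`, the `pip install polyfuzz[plot]` hint, the function signatures and the sample scores are assumptions for illustration.

```python
"""Optional-dependency pattern for a plotting helper.

Added example, not PolyFuzz's own code. matplotlib is imported only when the
plotting function is called, so `import` of this module never needs it.
Names (PLOT_EXTRA, function signatures) are assumptions for illustration.
"""
from __future__ import annotations

import importlib
from types import ModuleType
from typing import Dict, List, Sequence

# Hypothetical extra name. It would be declared in pyproject.toml as
#   [project.optional-dependencies]
#   plot = ["matplotlib>=3.5"]
# and installed by users who want plots with `pip install polyfuzz[plot]`.
PLOT_EXTRA = "plot"


class MissingOptionalDependency(ImportError):
    """Raised when a feature needs an extra that was not installed."""


def load_optional(module_name: str, extra: str) -> ModuleType:
    """Import an optional module, or fail with an error that names the extra."""
    try:
        return importlib.import_module(module_name)
    except ImportError as exc:
        raise MissingOptionalDependency(
            f"{module_name!r} is needed for this feature but is not installed. "
            f"Install it with: pip install polyfuzz[{extra}]"
        ) from exc


def precision_recall(scores: Sequence[float], matches: Sequence[bool],
                     thresholds: Sequence[float]) -> Dict[str, List[float]]:
    """Precision and recall of the rule 'score >= threshold', per threshold.

    Pure Python with no third-party imports: this is the part the core
    package can always provide, independent of the plotting extra.
    """
    if len(scores) != len(matches):
        raise ValueError("scores and matches must have the same length")
    positives = sum(1 for m in matches if m)
    precision: List[float] = []
    recall: List[float] = []
    for t in thresholds:
        predicted = [m for s, m in zip(scores, matches) if s >= t]
        tp = sum(1 for m in predicted if m)
        # No predictions at a threshold: define precision as 1.0 (no false positives).
        precision.append(tp / len(predicted) if predicted else 1.0)
        recall.append(tp / positives if positives else 0.0)
    return {"threshold": list(thresholds), "precision": precision, "recall": recall}


def visualize_precision_recall(scores: Sequence[float], matches: Sequence[bool],
                               thresholds: Sequence[float]):
    """Plot the curve. matplotlib is resolved here, not at module import time."""
    plt = load_optional("matplotlib.pyplot", PLOT_EXTRA)
    curve = precision_recall(scores, matches, thresholds)
    fig, ax = plt.subplots()
    ax.plot(curve["threshold"], curve["precision"], label="precision")
    ax.plot(curve["threshold"], curve["recall"], label="recall")
    ax.set_xlabel("similarity threshold")
    ax.legend()
    return fig


if __name__ == "__main__":
    # Constructed sample: similarity scores of candidate pairs and whether
    # each pair really was a duplicate.
    SCORES = [0.95, 0.90, 0.80, 0.70, 0.60, 0.40]
    MATCHES = [True, True, False, True, False, False]
    print(precision_recall(SCORES, MATCHES, [0.5, 0.75, 0.85]))
    try:
        visualize_precision_recall(SCORES, MATCHES, [0.5, 0.75, 0.85])
    except MissingOptionalDependency as err:
        print(err)
```

With this layout a consumer that only deduplicates strings never installs matplotlib, while a caller of the plotting function who lacks the extra gets an error that says exactly what to install instead of a bare `ModuleNotFoundError`.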