
feature request: scan requirements.txt files directly

Open terriko opened this issue 2 years ago • 0 comments

Currently, we support scanning of python packages, but not taking a requirements.txt list and scanning it directly. There are a number of other tools available for this (python safety, dependabot, snyk, among others), but since it's a nice thing for new users to try, I'd like to add it to our capabilities.

Some thoughts on implementation:

  • requirements.txt doesn't always have versions; usually we install into a virtualenv to get those.
  • requirements.txt won't give us vendors (though they can often be guessable).
  • We could use requirements.txt + an installed virtualenv to give us an extended list of not only what's in requirements.txt but also their dependencies. That's kind of fun.
  • It would be neat to have a tool that turned a requirements.txt file into a valid SBOM, including the dependencies-of-dependencies.

terriko, Apr 27 '22 01:04
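The first two implementation notes above (missing versions, resolved from a virtualenv) can be sketched as a small parser. This is an added illustration, not code from cve-bin-tool; the `lookup` hook, the `source` field and the sample file are assumptions made here, and vendor guessing is left out because the issue only notes it is needed.

```python
"""Turn a requirements.txt into (product, version) records, as the issue discusses.

Pinned entries (==) give the version directly; anything else is resolved
against the installed environment via importlib.metadata, and entries
that are not installed are reported as unresolved rather than guessed.
"""
import re
from importlib import metadata

# name, optional [extras], optional operator + version. "===" before "==" so the
# alternation does not leave a stray "=" in the version group.
_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?:\[[^\]]*\])?"
    r"\s*(?:(?P<op>===|==|~=|!=|>=|<=|>|<)\s*(?P<ver>[^\s;#,]+))?"
)


def normalize(name):
    """PEP 503 name normalisation: lower-case, runs of . _ - become a single -."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_version(name):
    """Version of the distribution in the current environment, or None."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


def parse_requirements(text, lookup=installed_version):
    """Return [{product, version, source}] for each requirement line.

    `lookup` is an assumed hook (defaults to the running interpreter's
    metadata) so the virtualenv resolution step can be swapped or tested.
    """
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):    # skip -r/-e/--index-url options
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name = normalize(m.group("name"))
        if m.group("op") == "==" and m.group("ver"):
            results.append({"product": name, "version": m.group("ver"), "source": "pinned"})
            continue
        ver = lookup(name)
        results.append({"product": name, "version": ver,
                        "source": "installed" if ver else "unresolved"})
    return results


# Constructed sample file: one pinned, one range-constrained, one bare name, one option.
SAMPLE = "# constructed example\nrequests==2.25.1\nFlask>=2.0  # not pinned\npyyaml\n-r other.txt\n"
```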