
Protection of developers from the possibility of malicious code in dependencies

Open Changaco opened this issue 2 months ago • 0 comments

Liberapay's README currently states:

It's up to you to isolate your development environment from the rest of your system in order to protect it from possible vulnerabilities in the testing dependencies.

That's unsatisfactory. If venvjail pans out, Liberapay should probably use it by default. In the meantime, there should be at least one documented way to set up a sandbox to contain possible exploits.

Changaco, Apr 19 '24 12:04