
Pinning dependencies per OSSF security practices and converting to ASCII

Open timmiesmith opened this issue 9 months ago • 1 comment

https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies recommends explicitly pinning dependencies to reduce several security risks.

Line endings in the file were inconsistent so I converted them all to ASCII instead of a mix of CR and CRLF line endings.

timmiesmith avatar May 13 '24 18:05 timmiesmith

These dependencies actually seem impossible to fulfill based on the CI failure:

    The user requested sphinx==4.4.0
    breathe 4.9.1 depends on Sphinx>=1.4
    sphinx-book-theme 1.1.2 depends on sphinx>=5

Would increasing the required sphinx version resolve this?

That may have unintended consequences. May be best to figure out which version of these was currently being used prior to this PR and just use those version numbers.

danhoeflinger avatar May 13 '24 18:05 danhoeflinger
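The CI failure quoted above is a plain constraint conflict: the PR pins `sphinx==4.4.0`, while one transitive dependency requires `sphinx>=5`. The following script is an added example (not part of this PR or of oneDPL) that reproduces that resolution failure with the three constraints from the thread, so a pin set can be sanity-checked before it reaches CI; it assumes only simple `name<op>version` requirement strings and no third-party packages.

```python
import re
from typing import List, Tuple

# Constructed sample: the exact pin from the PR plus the two constraints
# reported in the CI failure. The requester name is kept for the report.
REQUESTS = [
    ("The user", "sphinx==4.4.0"),
    ("breathe 4.9.1", "Sphinx>=1.4"),
    ("sphinx-book-theme 1.1.2", "sphinx>=5"),
]

SPEC_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|!=|>|<)\s*([0-9.]+)\s*$")

def parse(req: str) -> Tuple[str, str, Tuple[int, ...]]:
    """Split 'Sphinx>=1.4' into a normalized name, operator and version tuple.
    Names are lower-cased so 'Sphinx' and 'sphinx' compare equal (PEP 503)."""
    m = SPEC_RE.match(req)
    if not m:
        raise ValueError(f"unsupported requirement: {req!r}")
    name, op, ver = m.groups()
    return name.lower().replace("_", "-"), op, tuple(int(p) for p in ver.split("."))

def satisfies(version: Tuple[int, ...], op: str, bound: Tuple[int, ...]) -> bool:
    """Compare version tuples, zero-padding so that 5 and 5.0.0 are equal."""
    n = max(len(version), len(bound))
    v = version + (0,) * (n - len(version))
    b = bound + (0,) * (n - len(bound))
    return {"==": v == b, "!=": v != b, ">=": v >= b,
            "<=": v <= b, ">": v > b, "<": v < b}[op]

def check_pins(requests) -> List[Tuple[str, str]]:
    """Return (requester, requirement) pairs that an exact '==' pin cannot meet."""
    pins = {parse(r)[0]: parse(r)[2] for _, r in requests if parse(r)[1] == "=="}
    conflicts = []
    for who, req in requests:
        name, op, bound = parse(req)
        if op != "==" and name in pins and not satisfies(pins[name], op, bound):
            conflicts.append((who, req))
    return conflicts

if __name__ == "__main__":
    for who, req in check_pins(REQUESTS):
        print(f"unsatisfiable: {who} depends on {req}")  # sphinx-book-theme 1.1.2 depends on sphinx>=5
```

Running it lists `sphinx-book-theme 1.1.2` / `sphinx>=5` as the constraint the pin breaks, which matches pip's message; pinning as Scorecard recommends only helps if the pinned set is actually resolvable, so it is worth re-running this kind of check whenever a pin is bumped.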