Plugins are accessing unstable API

I noticed this pattern while porting the collect_manifest plugin.

This plugin is iterating over the Sources of it's dependencies and calling APIs which are not provided by BuildStream.

This means that while things might work for a time, churn in plugin specific python API will cause the collect_manifest plugin, or any plugin which presumes that plugins offer stable python APIs, to break in the future.

Currently the only stable API plugins offer is the YAML API, the only python APIs on plugins which are safe to call, are those defined by BuildStream core.

Interestingly, this plugin also presumes that a plugin has a given API by observing it's kind, e.g. it thinks that if there is a plugin named git, it will be the plugin which collect_manifest thinks it is; this presumption alone is wrong, as projects might have different plugins imported from other providers which may choose to name their plugin git, a given pipeline might even have multiple plugins named git if junctioned projects import different plugins under the same name.

I'm not sure what the solution is here, but it is well known that there is no way to introspect source URLs (while refs can still be obtained via the public Source.get_ref() API), it has been discussed a couple of times that we need plugin side support for listing such things, as it would also be nice to encode these into artifact metadata, and be able to list the sources for a given element or artifact generically from the BuildStream CLI.