Reference requirement files while building dependency graph

Summary

The function ScanProjects will need to be refactored so that it parses requirement files in addition to lock files.

Improvements

Refactoring this code will allow #364590 and #364594 to scan the classifications of each dependency. For these issues, it's required to read metadata that is only available in the dependency file, e.g. is this strictly a devDependency?

Risks

  • Added complexity when resolving the contents of more than one file. This risk can be mitigated by having integration tests for fixtures that have a requirements file and a lock file.
  • Slower scans when resolving if a dependency is not a default dependency. This can possibly be mitigated with memoization.
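
The memoization mentioned in the second risk, as an added Go sketch that is not the project's own code. The types Manifest and LockGraph, the function DevOnly and the sample data are hypothetical, and it assumes a locked package counts as dev-only when no default dependency reaches it.

```go
package main

import (
	"fmt"
	"sort"
)

// Manifest is a constructed stand-in for a requirements file (e.g. package.json).
type Manifest struct {
	Default []string // direct runtime dependencies
	Dev     []string // direct development-only dependencies (not needed for the walk)
}

// LockGraph is a constructed stand-in for a lock file: package -> its dependencies.
type LockGraph map[string][]string

// reach marks every package reachable from roots. The seen map doubles as the
// memo: each package is expanded once, and cycles in the graph terminate.
func reach(g LockGraph, roots []string, seen map[string]bool) {
	stack := append([]string(nil), roots...)
	for len(stack) > 0 {
		pkg := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		if seen[pkg] {
			continue
		}
		seen[pkg] = true
		stack = append(stack, g[pkg]...)
	}
}

// DevOnly returns the sorted locked packages that no default dependency pulls in.
// A package shared by a dev and a default dependency is treated as default.
func DevOnly(m Manifest, g LockGraph) []string {
	runtime := map[string]bool{}
	reach(g, m.Default, runtime)
	var out []string
	for pkg := range g {
		if !runtime[pkg] {
			out = append(out, pkg)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	m := Manifest{Default: []string{"express"}, Dev: []string{"jest"}}
	g := LockGraph{ // constructed sample data; chalk <-> jest is a deliberate cycle
		"express": {"debug"}, "debug": {"ms"}, "ms": {},
		"jest": {"debug", "chalk"}, "chalk": {"jest"},
	}
	fmt.Println(DevOnly(m, g)) // [chalk jest]
}
```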

Involved components

Optional: Intended side effects

Optional: Missing test coverage

Edited by Oscar Tovar