Allow gemnasium-python to report setuptools and pip direct dependencies

Proposal

In gitlab-org/security-products/analyzers/gemnasium!719 (comment 1903136298), we had to make a decision on whether to keep pip and setuptools dependencies in the final dependency scanning result. Both options, inclusion and exclusion, had tradeoffs for our customers. If we kept them included, then we'd incorrectly report them, and any vulnerabilities, as part of the scanned project. This is incorrect because the dependencies will mostly appear because they're needed to set up the virtual environment with the project's dependencies. This is mostly the case, but not always. Edge cases exist where a project may legitimately need depend on pip and/or setuptools like in the case of pip-tools. For these edge cases, we'll unfortunately not report the dependency or any related vulnerabilities, a shortcoming that should be addressed.