
Add Pipfile.lock support

Fabien Catteau requested to merge 11756-pipfile-lock into master

What does this MR do?

Enable file parser for Pipfile.lock

Backward compatibility is maintained, and gemnasium-python is still able to scan a Pipenv project that has no lock file.

Warning! This change has two significant side-effects:

  • Location of the vulnerabilities changes. See diff in failing QA job. Vulnerability feedback will be lost.
  • The report contains the normalized names of the dependencies (those stored in Pipfile.lock), and not the canonical names. This affects the Dependency List but not dependency scanning itself.

Users can delete Pipfile.lock prior to running the scan (in the before_script) to restore the previous behavior. In the future, they might be able to achieve the same using DS_EXCLUDED_PATHS, after implementing gitlab-org/gitlab#292457 (closed).

What are the relevant issue numbers?

gitlab-org/gitlab#11756 (closed)

Does this MR meet the acceptance criteria?

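As an added illustration of the second side-effect (not code from this MR or from gemnasium-python), the following Python reads a constructed Pipfile.lock and lists what a parser would report: the package names exactly as the lock file stores them. The sample lock file, the `normalize_name` helper and the `parse_pipfile_lock` function are all assumptions made for this example; the lock-file layout follows the format pipenv writes ("_meta", then "default" and "develop" maps), and pipenv is assumed to store names already in lowercase normalized form.

```python
import json
import re

# Constructed sample Pipfile.lock (not taken from the MR or any real project).
# Layout follows the format pipenv writes: "_meta", then "default"/"develop".
SAMPLE_PIPFILE_LOCK = """
{
    "_meta": {
        "hash": {"sha256": "0000000000000000000000000000000000000000000000000000000000000000"},
        "pipfile-spec": 6,
        "requires": {"python_version": "3.8"},
        "sources": [{"name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": true}]
    },
    "default": {
        "django": {
            "hashes": ["sha256:placeholder-hash"],
            "index": "pypi",
            "version": "==2.2.13"
        },
        "pyyaml": {
            "hashes": ["sha256:placeholder-hash"],
            "index": "pypi",
            "version": "==5.3.1"
        },
        "mylib": {
            "git": "https://example.invalid/mylib.git",
            "ref": "placeholder-ref"
        }
    },
    "develop": {
        "pytest": {
            "hashes": ["sha256:placeholder-hash"],
            "index": "pypi",
            "version": "==5.4.3"
        }
    }
}
"""


def normalize_name(name):
    """PEP 503 normalization (assumed helper): case-insensitive, runs of
    '-', '_' and '.' collapse to a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pipfile_lock(text):
    """Return [(name, version, section), ...] from Pipfile.lock contents.

    Names are taken verbatim from the lock file. Because pipenv writes them
    in normalized form, a report built from this list carries the normalized
    names (e.g. "pyyaml"), not the display names a Pipfile may use
    ("PyYAML"); this is the Dependency List effect the MR describes.
    """
    data = json.loads(text)
    deps = []
    for section in ("default", "develop"):
        for name, spec in sorted(data.get(section, {}).items()):
            version = spec.get("version", "")
            if not version.startswith("=="):
                # Locked PyPI packages are pinned with "=="; VCS entries carry
                # "git"/"ref" and no version, so they are skipped, not guessed.
                continue
            deps.append((name, version[2:], section))
    return deps


def names_match_after_normalization(lock_name, pipfile_name):
    """True when a Pipfile display name and a Pipfile.lock name denote the
    same package once both are normalized (assumed helper)."""
    return normalize_name(lock_name) == normalize_name(pipfile_name)


if __name__ == "__main__":
    for name, version, section in parse_pipfile_lock(SAMPLE_PIPFILE_LOCK):
        print(f"{section:8} {name}=={version}")
```

Running the block prints the three pinned packages; the VCS entry has no version and is left out. `names_match_after_normalization("pyyaml", "PyYAML")` shows how a consumer of the report can still reconcile a normalized lock-file name with the display name used in the Pipfile.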
