python3-checks CI job is not hermetic
Currently this job is failing on main: https://gitlab.torproject.org/tpo/core/arti/-/jobs/794633
The output produces a whole pile of warnings.
The last successful run was here: https://gitlab.torproject.org/tpo/core/arti/-/jobs/788872
Comparing the lists of installed packages:
Successfully installed black-24.10.0 click-8.1.7 flake8-7.1.1 marko-2.1.2 mccabe-0.7.0 mypy-1.13.0 mypy-extensions-1.0.0 packaging-24.2 pathspec-0.12.1 platformdirs-4.3.6 pycodestyle-2.12.1 pyflakes-3.2.0 tomli_w-1.1.0 types-PyYAML-6.0.12.20240917 types-beautifulsoup4-4.12.0.20241020 types-html5lib-1.1.11.20241018 types-requests-2.32.0.20241016 types-toml-0.10.8.20240310 typing-extensions-4.12.2 urllib3-2.2.3
Successfully installed black-24.10.0 click-8.1.8 flake8-7.1.1 marko-2.1.2 mccabe-0.7.0 mypy-1.14.1 mypy-extensions-1.0.0 packaging-24.2 pathspec-0.12.1 platformdirs-4.3.6 pycodestyle-2.12.1 pyflakes-3.2.0 tomli_w-1.1.0 types-PyYAML-6.0.12.20241230 types-beautifulsoup4-4.12.0.20241020 types-html5lib-1.1.11.20241018 types-requests-2.32.0.20241016 types-toml-0.10.8.20240310 typing_extensions-4.12.2 urllib3-2.3.0
Observe that the version of mypy has changed.
We should pin the versions. Hopefully pip (or whatever it is we are using) has something like a Cargo.lock that we can commit.
Having this job fail due to external changes is pretty bad because it means that it doesn't run the cargo-audit job. We might fail to perform our security response.
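The two package lists above can be compared mechanically. The following is an added example, not part of the original issue or of the Arti repository; the function names are hypothetical. It reports which packages drifted between the two jobs (treating `typing-extensions` and `typing_extensions` as the same package) and emits `name==version` lines from the last successful run, which pip accepts as a constraints file via `pip install -c`.

```python
import re

# Package lists copied from the two CI job logs quoted in this issue.
LAST_GOOD = "Successfully installed black-24.10.0 click-8.1.7 flake8-7.1.1 marko-2.1.2 mccabe-0.7.0 mypy-1.13.0 mypy-extensions-1.0.0 packaging-24.2 pathspec-0.12.1 platformdirs-4.3.6 pycodestyle-2.12.1 pyflakes-3.2.0 tomli_w-1.1.0 types-PyYAML-6.0.12.20240917 types-beautifulsoup4-4.12.0.20241020 types-html5lib-1.1.11.20241018 types-requests-2.32.0.20241016 types-toml-0.10.8.20240310 typing-extensions-4.12.2 urllib3-2.2.3"
FAILING = "Successfully installed black-24.10.0 click-8.1.8 flake8-7.1.1 marko-2.1.2 mccabe-0.7.0 mypy-1.14.1 mypy-extensions-1.0.0 packaging-24.2 pathspec-0.12.1 platformdirs-4.3.6 pycodestyle-2.12.1 pyflakes-3.2.0 tomli_w-1.1.0 types-PyYAML-6.0.12.20241230 types-beautifulsoup4-4.12.0.20241020 types-html5lib-1.1.11.20241018 types-requests-2.32.0.20241016 types-toml-0.10.8.20240310 typing_extensions-4.12.2 urllib3-2.3.0"


def normalize(name):
    """PEP 503 name normalization: runs of '-', '_' and '.' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_installed(line):
    """Map normalized package name -> version from a pip 'Successfully installed' line."""
    prefix = "Successfully installed "
    if not line.startswith(prefix):
        raise ValueError("not a pip 'Successfully installed' line")
    packages = {}
    for token in line[len(prefix):].split():
        # Names may contain hyphens, so the version is what follows the last one.
        name, sep, version = token.rpartition("-")
        if not sep or not name or not version[:1].isdigit():
            raise ValueError(f"cannot split name and version: {token!r}")
        packages[normalize(name)] = version
    return packages


def drift(old_line, new_line):
    """Return {name: (old_version, new_version)} for every package that differs."""
    old, new = parse_installed(old_line), parse_installed(new_line)
    return {name: (old.get(name), new.get(name))
            for name in sorted(old.keys() | new.keys())
            if old.get(name) != new.get(name)}


def constraints(line):
    """Render one install line as sorted 'name==version' pins."""
    return [f"{name}=={version}" for name, version in sorted(parse_installed(line).items())]


if __name__ == "__main__":
    for name, (before, after) in drift(LAST_GOOD, FAILING).items():
        print(f"{name}: {before} -> {after}")
    print("\n".join(constraints(LAST_GOOD)))
```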