Add lock file for dependbot to be able to manage project dependencies

[aforsythe]

Currently getting

Dependabot can't update vulnerable dependencies without a lockfile

The currently installed version can't be determined.

To resolve the issue add a supported lockfile (Pipfile.lock, pyproject.lock or poetry.lock).

[KelSolaar]

Mmmh, I'm not sure having a lock file is a good idea, resolve dependencies are usually done for a specific OS and might not be portable.

[aforsythe]

Yeah ... I though this worked before without a lock file, so I'm not sure what's going on. I'll investigate further.