feat: add pypa/build

[henryiii]

This adds pypa/build to the requirements file. CC @FFY00

Closes #940.

[mayeut]

Unfortunately, this doesn't pass CI tests because it's expecting the sha sums of all wheels (i.e. not only top-level).
I'm already finding dependabot quite not fitted with the low number of dependencies we currently have and, given the number of dependencies that pypa/build will require, I'm not keen on adding this just yet.
I'm thinking of rewriting python dependencies update a bit more like what's being done over at cibuildwheel to handle the multiple versions of python in a cleaner way.
There's also the fact that, at the moment, we require 3 branches to be updated. There's #877, #876, #879 but it seems we're short on manylinux maintainers review time. I'd also be glad to see other contributors/users feedback if that has any impact for them (I expect no impact for most users, only people rebuilding the image themselves with some patches will be highly impacted by the rewrite).

[henryiii]

I believe it's 3-6 dependencies, just packaging, toml, and pep517 for the most recent Python, though older versions of Python 3 also need importlib-metadata, and Python 2 needs virtualenv and typing. I believe these are technically almost all present in vendored form in pip, actually. ;)

But if you hope to refactoring the system a bit, this doesn't have to go in instantly. Targeting three branches is irritating (and might get worse with the new manylinux_2_* naming)?, would love to see that improved, but I'm happy to add the pins and target the branches if needed.

[henryiii]

A pip-compile based workflow with multiple requirements.txt's and a single requirements.in would be much nicer :)

[mayeut]

Thanks @henryiii

Yes, the requirements.txt is a mess, mostly because of how dependabot works and workaround some issues with it. This will be reworked at a later date with a full dependency update workflow bypassing completely dependabot issues (like what's done in cibuildwheel).