Have build_image.py enforce that base.Dockerfile installs all pip dependencies

[ANogin]

• I have reviewed the OFRAK contributor guide and attest that this pull request is in accordance with it.
• I have made or updated a changelog entry for the changes in this pull request.

One sentence summary of this PR (This should go in the CHANGELOG!)

Have build_image.py enforce that base.Dockerfile installs all pip dependencies

Link to Related Issue(s)

Supersedes #218
Depends on #689 and #693:

• PR Add a requirements.txt file to ofrak_angr #689 needs to be merged first (or the ofrak_angr missing requirements.txt resolved in some other way), and the resulting master branch merged into this feature/enforce_pip_sanity branch
• PR Make aiohttp version requirements consistent; address CVE-2025-69223 #693 needs to be merged first (or the aiohttp version mismatch resolved in some other way), and the resulting master branch merged into this feature/enforce_pip_sanity branch

Please describe the changes in your request.

See #218 for some original motivation.

At the start of finish.Dockerfile, download setuptools and wheel to /pip-wheels for pip's PEP 517 build isolation. Then use PIP_NO_INDEX=1 PIP_FIND_LINKS=/pip-wheels for all pip install commands. If any runtime dependency was not properly installed by base.Dockerfile` and is missing, pip fails with "No matching distribution found" plus a custom error message explaining the issue.

Changes to base.Dockerfile generation:

• Install requirements-pip.txt first (pins pip/setuptools versions)
• Remove redundant pip install --upgrade pip (version now pinned)
• Install requirements-dev.txt for DEVELOP builds (note - moving it here, before the code is copied, improves caching)

Changes to finish.Dockerfile generation:

• Download setuptools/wheel to /pip-wheels for build isolation
• Remove redundant pip install of requirements-dev.txt (now in base)
• Use PIP_NO_INDEX=1 PIP_FIND_LINKS=/pip-wheels for all pip installs
• Add custom error message when pip install fails
• Add pip check after installation to verify dependency consistency
• Add inspect target to generated Makefile with pip check
• Make test target depend on inspect

Without #689 this results in:

...
27.75 INFO: pip is looking at multiple versions of ofrak-angr to determine which version is compatible with other requirements. This could take a while.
27.75 ERROR: Could not find a version that satisfies the requirement angr<=9.2.174,>=9.2.93 (from ofrak-angr) (from versions: none)
27.75 ERROR: No matching distribution found for angr<=9.2.174,>=9.2.93
27.83 make[1]: Leaving directory '/ofrak_angr'
27.83 make[1]: *** [Makefile:9: develop] Error 1
27.83 make: *** [Makefile:7: develop] Error 2
27.83 ERROR: pip install of an OFRAK package failed when prohibited from downloading from PyPI. A dependency may be missing from base.Dockerfile. Add it to the appropriate requirements.txt file.
...

during the final.Dockerfile build.

With #689, but without #693, this results in:

...
34.31 INFO: pip is looking at multiple versions of ofrak-ghidra to determine which version is compatible with other requirements. This could take a while.
34.31 ERROR: Could not find a version that satisfies the requirement aiohttp~=3.12.14 (from ofrak-ghidra) (from versions: none)
34.31 ERROR: No matching distribution found for aiohttp~=3.12.14
34.40 make[1]: Leaving directory '/ofrak_ghidra'
34.40 make[1]: *** [Makefile:7: develop] Error 1
34.40 make: *** [Makefile:8: develop] Error 2
34.41 ERROR: pip install of an OFRAK package failed when prohibited from downloading from PyPI. A dependency may be missing from base.Dockerfile. Add it to the appropriate requirements.txt file.
...

With both #689 and #693 included, everything builds without issues.

Anyone you think should look at this, specifically?

@whyitfor