dependencies: associate extensions with deps, validate use_category.

[htuch]

This PR introduces a few related changes:

• use_category is restructured to distinguish core/extension deps. There's also an extension
  allowlist added for each dependency in the dataplane_ext and observability_ext category.

• tools/dependency/validate.py is introduced to validate a bunch of structural relationships
  implied by the bazel/repository_locations.bzl metadata. This includes that test-only deps
  aren't used in //source/.., that some obvious dataplane/controlplane packages taint the
  appropriate reachable deps and that the association between extensions/deps holds.

• The CI docs job now runs tools/dependency/validate.py.

• The dependency dashboard at
  https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/external_deps
  to include granular information on which dataplane/observability deps come from core/extensions.

• Some misc. cleanup of source code dep that came up while working on this.

Risk level: Low
Testing: Pyunit tests added for validate.py.

Part of #12673.

Signed-off-by: Harvey Tuch [email protected]

[repokitteh-read-only]

CC @envoyproxy/dependency-watchers: FYI only for changes made to (bazel/repository_locations\.bzl)|(api/bazel/repository_locations\.bzl)|(.*/requirements\.txt).

🐱

Caused by: #13340 was opened by htuch.

see: more, trace.

[moderation]

LGTM - as discussed in Slack I'll PR my changes to the API dependencies so we can bring them into the docs output too

[htuch]

Example docs output at https://386305-65214191-gh.circle-artifacts.com/0/generated/docs/intro/arch_overview/security/external_deps.html

[mattklein123]

Neat!!! Just one small typo I found.

/wait

[phlax]

@htuch ive left a mostly python style/formatting review, as im only just becoming familiar with the code here.

the output looks very useful