Servers with pyproject.toml should also have a corresponding uv.lock

[pjin-nvidia]

For example, the VLLM responses API model server has a pyproject.toml, but no uv.lock:

https://github.com/NVIDIA-NeMo/Gym/tree/main/responses_api_models/vllm_model

Without a uv.lock, server dependencies can get silently upgraded on server venv setup (e.g. vllm_model depending on vllm ≥ 0.11.2, so vllm is immediately upgraded on a new release), which poses an obstacle to reproducibility, and may introduce regressions or security issues.