python-package-guide

Add Packaging Guide entry on dependency locking

Open ucodery opened this issue 8 months ago • 1 comments

Creating a sub issue for a new page that would be valuable for advanced readers of the Packaging Guide: Locking.

Now that the PyPA has a blessed lockfile standard, pylock.toml, there is an obvious preferred choice for PyOS to recommend, that will work in the widest number of situations.

When we get around to it, it should be noted that locking is not an always-yes, nor an always-no answer for projects. Each project must make the decision for themselves. The decision ultimately involves not just technical problems, but security implications (good and bad for both sides), maintenance implications, and social community implications, at least.

ucodery May 15 '25 21:05

Love this 🚀

lwasser May 19 '25 00:05