Pants: Minimize/Update 3rd party requirements constraints

Using the pants venv, the tests all pass with these requirements.
I hacked the Makefile to test that in CI in #6130.
This extracts just the requirements bits from that PR.

Lockfile diff: lockfiles/st2.lock [st2]

==                    Upgraded dependencies                     ==

  amqp                           5.0.6        -->   5.2.0
  bcrypt                         3.2.0        -->   4.1.2
  cffi                           1.14.6       -->   1.16.0
  eventlet                       0.30.3       -->   0.36.1
  filelock                       3.13.3       -->   3.13.4
  kombu                          5.2.2        -->   5.3.6
  oslo-utils                     4.13.0       -->   7.1.0
  stevedore                      2.0.1        -->   5.2.0
  tenacity                       6.3.1        -->   8.2.3
  vine                           5.0.0        -->   5.1.0

==                      Added dependencies                      ==

  typing-extensions              4.11.0

Author: cognifloyd

lockfiles/st2-constraints.txt

@@ -24,21 +24,26 @@ MarkupSafe<2.1.0,>=0.23
 
 # REQUIRED BY: kombu
 # REASON: unknown -- this looks like a lockfile-style pin
+#         kombu 5.0.2 requires amqp>=5.0.0,<6.0.0
+#         kombu 5.1.0 requires amqp>=5.0.6,<6.0.0
+#         kombu 5.2.3 requires amqp>=5.0.9,<6.0.0
+#         kombu 5.3.0 requires amqp>=5.1.1,<6.0.0
 # NOTE: try to remove constraint later.
-# DROPS RESOLVED VERSION: 5.1.1
-amqp==5.0.6
+# DROPS RESOLVED VERSION: 5.1.1 or 5.2.0
+#amqp==5.0.6
 
 # REQUIRED BY: cryptography, paramiko, passlib
 # REASON: unknown -- this looks like a lockfile-style pin
+#         bcrypt 4 is a rewrite in rust and wheels are manylinux2014 instead of manylinux2010
 # NOTE: try to remove constraint later.
 # DROPS RESOLVED VERSION: 4.0.1
-bcrypt==3.2.0
+#bcrypt==3.2.0
 
 # REQUIRED BY: bcrypt, cryptography, pynacl, zstandard
 # REASON: unknown
 # NOTE: try to remove constraint later.
 # DROPS RESOLVED VERSION: 1.15.1
-cffi<1.15.0
+#cffi<1.15.0
 
 # REQUIRED BY: orquesta, prance, requests
 # REASON: requests 2.23 requires chardet < 3.1.0
@@ -62,9 +67,10 @@ cffi<1.15.0
 dnspython>=1.16.0,<2.0.0
 
 # REQUIRED BY: eventlet
-# REASON: unknown -- this looks like a lockfile-style pin
-# NOTE: We are having a hard time upgrading eventlet, so this pin is commented
-#       out to see if that will help. If any tests fail, uncomment this.
+# REASON: eventlet is difficult to upgrade.
+#         greenlet 2 adds py3.11 support, platform compat changes, and better error checking
+#         greenlet 3 adds py3.12 support, drops py3.6 support, fixes various crash conditions
+# NOTE: If constrained, bump carefully. Tests seem to be passing without this constraint.
 # DROPS RESOLVED VERSION: 1.1.3.post0
 #greenlet==1.0.0
 
@@ -81,13 +87,13 @@ dnspython>=1.16.0,<2.0.0
 # REASON: unknown
 # NOTE: try to remove constraint later.
 # DROPS RESOLVED VERSION: 4.13
-oslo.utils<5.0,>=4.0.0
+#oslo.utils<5.0,>=4.0.0
 
 # REQUIRED BY: tooz
 # REASON: unknown
 # NOTE: try to remove constraint later.
 # DROPS RESOLVED VERSION: 8.1
-tenacity>=3.2.1,<7.0.0
+#tenacity>=3.2.1,<7.0.0
 
 # REQUIRED BY: st2-auth-backend-flat-file
 # REASON: unknown -- this looks like a lockfile-style pin
@@ -111,4 +117,4 @@ tenacity>=3.2.1,<7.0.0
 # REASON: importlib-metadata requires typing-extensions but v4.2.0 requires py3.7+
 # NOTE: try to remove constraint later.
 # DROPS RESOLVED VERSION: 4.1.1
-typing-extensions<4.2
+#typing-extensions<4.2