Generate non-conflicting frozen upstream test requirements

[mattsb42-aws]

pyca/cryptography runs downstream tests for this project and other to verify that their changes have not broken identified downstream dependencies.

Today, an update to botocore broke moto, which broke this repository's tests, which broke the pyca/cryptography downstream tests. pyca/cryptography#4415

We need to define and automate creation of a special frozen test requirements file for upstream tests to use when testing this repository in order to avoid this happening again.

[mattsb42-aws]

The thing that makes this complicated is that we need to:

1. Freeze OUR test dependency versions
2. NOT freeze any of pyca/cryptography's versions or dependency versions

A naive pip freeze and install from the results ends up uninstalling any mentioned dependencies that are referenced in the frozen file. This is a problem because it would result in the pyca/cryptography dev build being uninstalled and overwritten by the version that we last froze on, defeating the point of the downstream tests.

What we need to is:

1. Freeze our dependencies
2. Freeze pyca/cryptography's dependencies at that time
3. Remove all members of 2 from 1.
4. Use the resulting set for the upstream test dependencies that we store.

Because of this, we will need to maintain separate upstream test dependency files for each dependency. Currently this is only pyca/cryptography, but we should anticipate others being added in the future and make sure that whatever we do does not cause problems then.