Remove pipenv in favor of pip-tools

[redshiftzero]

Unfortunately Pipenv isn't working well for our use case: we want to be able to selectively update single dependencies without updating other (unrelated) dependencies. While Pipenv does have some other nice features, this feature is a must-have. There are a bunch of upstream issues/PRs already tracking this:

• Updating only one locked dependency pypa/pipenv#966
• Add a pip-style --upgrade-strategy setting to pipenv lock? pypa/pipenv#418 (comment)
• Upgrading a dependency with --selective-upgrade doesn't seem to work with 2018.6.25 pypa/pipenv#2412
• Confusion: --keep-outdated --selective-upgrade pypa/pipenv#3461
• Full implementation of --keep-outdated pypa/pipenv#3304 (I just installed Pipenv from git and tried to use the functionality introduced in this PR, but when I tried to use it to update sqlalchemy only for upgrade sqlalchemy >= 1.3.0 #335 it still updated unrelated dependencies)

We've tried to work around this with #233, or by manually editing Pipfile.lock (which defeats the purpose of using a tool), and at this point I think we've spent too much time trying to get this tool to work for us, and should just fall back to using pip-tools as we do over in SecureDrop core. We can re-evaluate later if the situation upstream changes.