fix(pip): Validate package names and versions

[knqyf263]

Description

A repository may have requirements.txt with a templating engine which is being used to generate the final requirements.txt file.
For example, this is a line from the mentioned requirements.txt file:

%ifcookiecutter.command_line_interface|lower=='click'-%}

Since we scan all requirements.txt files while doing a file system scan, we would be splitting the line by == to get the package name and version (as per logic here). It's better to add some validation against package names and versions, such as if the name doesn't use invalid characters, the version follows PEP440, etc.

{
      "Target": "opt/conda/pkgs/cookiecutter-2.6.0-py311h06a4308_0/info/test/tests/test-templates/include/{{cookiecutter.project_slug}}/requirements.txt",
      "Class": "lang-pkgs",
      "Type": "pip",
      "Packages": [
        {
          "Name": "{%ifcookiecutter.command_line_interface|lower",
          "Identifier": {
            "PURL": "pkg:pypi/%7B%25ifcookiecutter.command-line-interface%7Clower@%27click%27-%25%7D"
          },
          "Version": "'click'-%}",
          "Layer": {}
        },
        {
          "Name": "{%ifcookiecutter.use_pytest",
          "Identifier": {
            "PURL": "pkg:pypi/%7B%25ifcookiecutter.use-pytest@%27y%27-%25%7D"
          },
          "Version": "'y'-%}",
          "Layer": {}
        }
      ]
    }

Reference

aquasecurity/go-dep-parser#307