Pin down version number of package dependencies

[jsnel]

In setup.py depend on package x.y.z

We should not allow future versions in case one of our dependencies breaks their API.

[joernweissenborn]

will be fixed with #71

[s-weigand]

As stated in https://packaging.python.org/requirements/

It is not considered best practice to use install_requires to pin dependencies to specific versions, or to specify sub-dependencies (i.e. dependencies of your dependencies). This is overly-restrictive, and prevents the user from gaining the benefit of dependency upgrades.

pyup will take care of keeping the dev dependencies up to date, which travis and appveyor will use to generate the wheels (compiled binary packages) and run the tests.

To let pyup also take care of the install requirements there was a workaround proposed by pyupio/pyup#137 (comment) , with reading the install requirements from an extra file.

But fixing required versions might break users env.
i.e.:
glotaran requires numpy==1.14.0 and the user wants to use a pandas version that requires numpy>=1.15.0, so user gets a warning that glotaran's requirements are not met when pandas is installed last or a warning from pandas if glotaran gets installed last.