
Add CI check for dependencies from the edx GitHub org #33189

@timmc-edx


We occasionally end up with a Python dependency in edx-platform that comes from the edx GitHub org, which should not be the case -- dependencies that are specific to Open edX and that are used in the base requirements of an IDA should be maintained in the openedx GitHub org instead.

Ned has written some tooling to discover this for Python and NodeJS packages: https://github.com/openedx/repo-tools/tree/master/edx_repo_tools/find_dependencies

The repo-tools scripts download the dependencies for all repos, and a single run takes about 2 hours. However, it should be possible to turn this into a CI check for a single repo by installing Python requirements as we normally do (and take advantage of GitHub Actions caching to speed this up), since the installed packages in the virtualenv will have the METADATA files we need for this analysis. Perhaps the script in repo-tools could be adjusted to read from a virtualenv. It's worth reusing the tool, since it has some smarts such as following redirects.

It's also possible we won't end up wanting to do this work, depending on what Axim decides about these "second party" repos.

This is related to #33189 which talks about a more generic workflow to accomplish this across the org.
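The check proposed above, sketched as an added example (not part of the original issue and not the repo-tools code): it reads the METADATA of packages already installed in the current virtualenv and flags any whose project URLs point at a given GitHub org. It assumes the URL appears in `Home-page`, `Download-URL` or `Project-URL`, does not follow redirects as the repo-tools script does, and uses constructed sample package names.

```python
import re
import sys
from email.parser import Parser
from importlib import metadata

URL_FIELDS = ("Home-page", "Download-URL", "Project-URL")
GITHUB_RE = re.compile(r"https?://(?:www\.)?github\.com/([A-Za-z0-9-]+)(?:/|$)", re.I)

# Constructed sample METADATA headers (hypothetical package names, not real packages).
SAMPLES = [
    "Metadata-Version: 2.1\nName: sample-xblock\nHome-page: https://github.com/edx/sample-xblock\n",
    "Metadata-Version: 2.1\nName: sample-lib\nProject-URL: Source, https://github.com/openedx/sample-lib\n",
    "Metadata-Version: 2.1\nName: sample-other\nHome-page: https://github.com/edx-solutions/sample-other\n",
]


def inspect_metadata(text):
    """Return (package name, set of GitHub orgs referenced) for one METADATA file."""
    msg = Parser().parsestr(text, headersonly=True)  # METADATA uses RFC 822 headers
    orgs = set()
    for field in URL_FIELDS:
        for value in msg.get_all(field, []):
            # Project-URL is "Label, URL"; the other fields hold a bare URL.
            url = value.partition(",")[2] if field == "Project-URL" else value
            match = GITHUB_RE.match(url.strip())
            if match:
                orgs.add(match.group(1).lower())  # whole org name, so edx != edx-solutions
    return msg.get("Name", "<unknown>"), orgs


def flagged(metadata_texts, org="edx"):
    """Sorted names of packages whose metadata links to github.com/<org>/..."""
    results = (inspect_metadata(text) for text in metadata_texts)
    return sorted(name for name, orgs in results if org.lower() in orgs)


def installed_metadata_texts():
    """Yield the METADATA (or legacy PKG-INFO) text of every installed distribution."""
    for dist in metadata.distributions():
        text = dist.read_text("METADATA") or dist.read_text("PKG-INFO")
        if text:
            yield text


if __name__ == "__main__":
    bad = flagged(installed_metadata_texts())
    for name in bad:
        print(f"dependency hosted in the edx GitHub org: {name}")
    sys.exit(1 if bad else 0)  # non-zero exit fails the CI job
```

Run in CI after the normal requirements install, the script scans every installed package, including transitive ones and development tooling, so the result depends on which requirements file was installed.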

Status

✅ Done
