feature: Capability to manage npm/jsr/pip dependencies and use specific dependency version for step & scripts

[fengkiej]

Feature request for mechanism to manually manage dependency to ensure version compatibility with current code & preventive measures against supply chain attack

Example Attack Scenario

1. Malicious actor publishes 'left-pad@2.0.0' with harmful code
2. Script using 'left-pad' auto-updates to compromised version
3. Malicious code executes within Windmill environment

[rubenfiszel]

Scripts and steps don't auto update by themselves, they have a lockfile that pin the versions and integrity checks on deployment