Handle Brotlipy outdated hashes, option 1 (of many) - manually update SHAs

[cmharlow]

Goal

Currently, #74 is blocked by the CircleCI container environment wanting to install a copy of brotlipy-0.7.0 Python package where its SHA from upstream doesn't match any of the SHAs in the Pipfile.lock.

One way to approach repairing this is to manually (e.g. outside of pipenv) update the hashes based on the pypi API. This is the command used to get all pypi hashes for brotlipy version 0.7.0 (note this is taken from fishshell, and easily altered to map to bash or zsh alternatives):

for sha in (curl https://pypi.org/pypi/brotlipy/0.7.0/json | jq -r .urls[].digests.sha256); echo "sha256:"$sha ; end

Those shas are then merged into the list in the Pipfile.lock, so all previously existing shas remain and the new ones alone are added in.

Todos:

• If we decide to go this route, we probably should just add this new commit to the relud-patch-1 branch then proceed with the original PR (Handle shim data from GLEAN #74) - or, rebase this branch to remove the relud-patch-1 commits and merge this PR independently of Handle shim data from GLEAN #74.
• ran CircleCI tests_unit job locally to confirm this repairs the issue;

Implementation Decisions

Its not great to manually update the pipenv lockfile manually like this, but it is the most minimal way to update the hashes alone without touching anything else (which Pipenv would prefer to do by its design - see linked, alternative PR).

An alternative implementation to this is via this PR #76 .

All Submissions:

• Have you followed the guidelines in our Contributing document?
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?

[cmharlow]

Closing in favor of #76