Use constraint files to install dependencies on PRs

[sfc-gh-kbregula]

📚 Context

This change introduces two changes:

• introduces the concept of the canary build.
• uses constraints files when installing dependencies for non-canary builds

Canary build

Canary build is a new concept, but these are PR builds that aim to quickly spot dependency issues or incompatibilities between different versions of Python.

A build is canary if one of the following conditions is met.

• The Github event is a pull request and dependencies have been modified
• The Github event is a push, the default branch(develop) is checked.

All other build is non-canary build.

Constraints files
For pull requests or for local installation, constraint files will now be used by default. This will improve stability as we will be using dependencies that have already been proven to work. Canary build will always install the latest dependencies.

To force install the latest dependencies:

• For PR, we can use the PR dev:upgrade-dependencies label.
• For a local installation, we can use the environment variable USE_CONSTRAINT_FILE=false.

Contribution License Agreement

By submitting this pull request you agree that all contributions to this project are made under the Apache 2.0 license.

[vdonato]

This LGTM + I'd be in favor of making this change!

I think we'll also want to get some other opinions from the team, though, because I could see an argument for never using constraint files when running CI to ensure that we maximize the probability that a breaking dependency is caught as quickly as possible, even if it does result in more pain for us (one could imagine a situation where we miss a breaking dependency for a full day or so because it's a slow day and no merges into develop occur).

In this case, I think that this change strikes the right balance between us being able to keep PRs moving in case a dependency does break and still being able to catch issues as they arise, but it'd be worth seeing what others think.

[sfc-gh-kbregula]

@vdonato scheduled builds never use constraints files, so we have at least 1 build every day that uses the latest dependencies.

With this change, I would like to solve the problem that broken dependencies that have not been modified in any way hinder the work on independent changes.
Example build: https://github.com/streamlit/streamlit/actions/runs/4600656271/jobs/8127530846?pr=6174
This PR is open for quite a while, but does not modify the dependency in any way. I sometimes do a rebase to keep it merge-ready, but unrelated dependency issues make it difficult because I have to rebase multiple times without code changes.

I will ask other people what they think about this change.