Add dep version to manifest and check before mutating lock

[vektah]

As dep continues to change it would be nice if we could have some version constraints around what versions of dep are allowed to write changes to the lock. This is important when collaborators have different versions of dep to prevent large unnecessary changes to lock files.

Eg if a project is using 0.4.1 of dep, which changes lock formatting being able to add something to Gopkg.toml like:

[dep]
  version = "^0.4.0"

not advocating any particular structure, just an example

if running with dep 0.3.x, either display a warning or hard bail:

$ dep version
0.3.1

$ dep ensure -update
refusing to modify lock from a newer version of dep

Obviously this feature wont be useful for any version of dep that doesn't include the check, but thats probably a good reason to get this in before any larger changes to the lock land.

For people not working on the project dep ensure -vendor-only should probably continue to work (assuming that there isnt actually a BC break in the lock / manifest)

see also npm engines

[mvdan]

Dep was officially deprecated earlier this year, and the proposal to archive this repository was accepted. As such, I'm closing outstanding issues before archiving the repository. For any further comments, please use the proposal thread on the Go issue tracker. Thanks!