Migrate to pipenv #915

@VakarisZ

Is your feature request related to a problem? Please describe.
Project dependencies can easily break, and a pseudo-frozen (chilled?!) requirements.txt gives a false sense of "project couldn't have broken because of requirements, they are all locked". If package_a needs package_c>1.0, but package_b needs package_c<=1.0 we're potentially screwed, once package_c gets updated to 1.1.
We don't have a way to separate dev vs prod dependencies except making separate requirements files.

Describe the solution you'd like
Migrate to pipenv:

  1. install pipenv in deployment scripts
  2. convert all requirements.txt files to pipfile files:
    • gather all monkey requirements and convert them to a single pipfile with prod and dev dependencies separated
    • gather all island requirements (including from requirement files in envs/monkey_zoo/blackbox, monkey/common/cloud/scoutsuite and others.) and convert them to a single pipfile with prod and dev dependencies separated
  3. replace usages of requirements.txt with usages of pipfile in deployment scripts
  4. In our build environment/build scripts replace pip install -r with pipenv install
  5. Add pipenv lock either as a git hook before merge/push or at least before building the release

Describe alternatives you've considered
leaving as it is
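
Step 2 of the proposal, as an added sketch that is not part of the original issue and not the project's own code: it merges several requirements files into one Pipfile with prod and dev sections and reports packages pinned differently across files, which must be reconciled before `pipenv lock`. The function names, file paths and sample contents are constructed for illustration.

```python
import re
from collections import defaultdict

# PEP 508 subset: name, optional [extras], version specifier up to ';' or '#'.
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*([^;#]*)")

def parse(text):
    """Return {normalized_name: specifier} for one requirements.txt body.
    Extras, environment markers and URL/VCS requirements are not carried over."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blanks, comments, -r/-e/--options
            continue
        m = REQ.match(line)
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 form
            out[name] = m.group(3).replace(" ", "") or "*"
    return out

def merge(files):
    """files: {path: (section, text)} -> (sections, conflicts)."""
    seen = defaultdict(dict)  # name -> {specifier: [paths that use it]}
    sections = {"packages": {}, "dev-packages": {}}
    for path, (section, text) in files.items():
        for name, spec in parse(text).items():
            seen[name].setdefault(spec, []).append(path)
            sections[section][name] = spec
    for name in sections["packages"]:  # prod entries win over dev duplicates
        sections["dev-packages"].pop(name, None)
    # Same package, different specifiers across files: resolve by hand first.
    conflicts = {n: s for n, s in seen.items() if len(s) > 1}
    return sections, conflicts

def to_pipfile(sections):
    lines = ["[[source]]", 'url = "https://pypi.org/simple"',
             "verify_ssl = true", 'name = "pypi"']
    for section in ("packages", "dev-packages"):
        lines += ["", f"[{section}]"]
        lines += [f'{n} = "{s}"' for n, s in sorted(sections[section].items())]
    return "\n".join(lines) + "\n"

SAMPLE = {  # constructed sample input, not the project's real files
    "a/requirements.txt": ("packages", "requests==2.25.1\nPyYAML>=5.1  # config\n"),
    "b/requirements.txt": ("packages", "-r ../a/requirements.txt\nrequests==2.24.0\n"),
    "dev/requirements.txt": ("dev-packages", "pytest\npyyaml>=5.1\n"),
}

if __name__ == "__main__":
    sections, conflicts = merge(SAMPLE)
    print(to_pipfile(sections))
    print("conflicts:", conflicts)
```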
