pin deps to a ref before deployment (preferably via nimble lock file)

[ee7]

Follow-up for #37 (comment)

Currently, our .nimble file contains:

nim-representer/nim_representer.nimble

Lines 13 to 15 in 34ff2b0

	requires "nim >= 1.6.6"
	requires "nimscripter == 1.0.14"
	requires "docopt == 0.6.8"

which means that we will execute arbitrary code if

• nimscripter or docopt are re-tagged
• or any dependency of nimscripter ( assume, balls, grok, ups, npeg, sync) or docopt (regex, unicodedb) receive a new release.

Ideally, we'd use a Nimble lock file. The current Nim stable release (1.6.6) supports the Nimble version that supports lock files, but does not yet ship with such a Nimble.

The .nimble files of our Nimble dependencies:

• https://github.com/beef331/nimscripter/blob/0105cfc7d825/nimscripter.nimble
• https://github.com/disruptek/assume/blob/c7eeee5aec63/assume.nimble
• https://github.com/disruptek/balls/blob/52a17872d42e/balls.nimble
• https://github.com/disruptek/grok/blob/4b8963fd9a71/grok.nimble
• https://github.com/disruptek/ups/blob/afd93b80bd8c/ups.nimble
• https://github.com/zevv/npeg/blob/a480df260659/npeg.nimble
• https://github.com/planetis-m/sync/blob/9b8c29262863/sync.nimble
• https://github.com/docopt/docopt.nim/blob/65da8739a753/docopt.nimble
• https://github.com/nitely/nim-regex/blob/b10d4b87dae0/regex.nimble
• https://github.com/nitely/nim-unicodedb/blob/675407fa4b6e/unicodedb.nimble