Skip locked requirements.txt for Docker image.

Don't ship a requirements.txt file with locked versions of packages just
for the Docker image. The test don't include the dependencies anyway so
there's no point and without hashes there's no security benefits.
Instead use bump-version to update the version in the Docker image and
remove hashin package and the update-reqs pipenv script.