Open
Description
It came up in a question I got that someone is scanning their site-packages directory as a way to see if they have vulnerabilities.
While we do read the METADATA file I'm not sure it works quite as well as one might expect. For example, I'm not sure if we do some of the things we added later with requirements.txt scanning to use pip and figure out indirect dependencies.
Would love it if someone had some time to review that code and see what (if anything) we could do to better support scanning a whole site-packages directory. Maybe it's fine, but I feel like it could almost certainly be better.
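For reference, here is a small added example (not the project's own scanner code) of what walking a site-packages directory and reading each `*.dist-info/METADATA` file involves: the core-metadata headers are parsed with the standard library's `email` parser, `Requires-Dist` lines are used to build the indirect-dependency closure, and requirements that are not actually installed are reported separately. The sample site-packages layout it writes into a temporary directory is constructed for the example; the package names and versions in it are illustrative and not taken from a real install, and the `extra ==` filtering deliberately drops optional extras rather than evaluating the full PEP 508 marker.

```python
import re
import tempfile
from email.parser import HeaderParser
from pathlib import Path

# Constructed sample METADATA files (not from any real environment) used to
# exercise the scanner offline. METADATA is RFC 822 style "Key: value" text.
SAMPLE_METADATA = {
    "requests-2.31.0.dist-info": (
        "Metadata-Version: 2.1\n"
        "Name: requests\n"
        "Version: 2.31.0\n"
        "Requires-Dist: urllib3 (<3,>=1.21.1)\n"
        "Requires-Dist: charset-normalizer (<4,>=2)\n"
        "Requires-Dist: certifi (>=2017.4.17)\n"
        "Requires-Dist: PySocks (!=1.5.7,>=1.5.6) ; extra == 'socks'\n"
    ),
    "urllib3-2.0.7.dist-info": (
        "Metadata-Version: 2.1\nName: urllib3\nVersion: 2.0.7\n"
    ),
    "certifi-2023.7.22.dist-info": (
        "Metadata-Version: 2.1\nName: certifi\nVersion: 2023.7.22\n"
    ),
    # charset-normalizer is deliberately absent to show the "required but
    # not installed" case.
}


def build_sample_site_packages(root):
    """Write the constructed sample dist-info directories under root."""
    root = Path(root)
    for dist_info, text in SAMPLE_METADATA.items():
        d = root / dist_info
        d.mkdir(parents=True, exist_ok=True)
        (d / "METADATA").write_text(text, encoding="utf-8")
    return root


def normalize(name):
    """PEP 503 name normalisation: lowercase, runs of -_. become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_metadata(path):
    """Return name, version and non-extra Requires-Dist names from one METADATA file."""
    with open(path, encoding="utf-8") as fh:
        msg = HeaderParser().parse(fh)
    requires = []
    for req in msg.get_all("Requires-Dist") or []:
        spec, _, marker = req.partition(";")
        if "extra ==" in marker:
            continue  # optional extra; not installed unless explicitly requested
        dep = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", spec.strip()).group(0)
        requires.append(normalize(dep))
    return {"name": normalize(msg["Name"]), "version": msg["Version"], "requires": requires}


def scan_site_packages(root):
    """Map normalised package name -> parsed metadata for every *.dist-info found."""
    installed = {}
    for entry in sorted(Path(root).iterdir()):
        meta = entry / "METADATA"
        if entry.is_dir() and entry.name.endswith(".dist-info") and meta.is_file():
            info = parse_metadata(meta)
            installed[info["name"]] = info
    return installed


def dependency_closure(installed, root_name):
    """Walk Requires-Dist transitively from root_name.

    Returns (reachable installed names, required names that are not installed).
    """
    seen, missing = set(), set()
    stack = [normalize(root_name)]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        if name not in installed:
            missing.add(name)
            continue
        seen.add(name)
        stack.extend(installed[name]["requires"])
    return seen, missing


def run_demo():
    """Build the sample tree in a temp dir, scan it, and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_site_packages(tmp)
        installed = scan_site_packages(root)
        seen, missing = dependency_closure(installed, "Requests")
    return installed, seen, missing


if __name__ == "__main__":
    installed, seen, missing = run_demo()
    for name in sorted(seen):
        print(f"{name}=={installed[name]['version']}")
    print("required but not installed:", sorted(missing))
```

Two points this surfaces that matter for a vulnerability scan of site-packages: the version to match against an advisory is the one in `METADATA`, not whatever a requirements file pinned, and a `Requires-Dist` name that has no dist-info on disk means the environment is incomplete rather than that the dependency is safe, so it should be reported rather than silently skipped.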