Warn or error if pin-depends is used

[hannesm]

see ocaml/opam-repository#14978
opam packages released to opam-repository contain checksums of tarballs to ensure that the same tarball is used for installation as intended by the person doing a release. opam packages which point to a branch / tag are generally not accepted AFAICT.

opam 2.0 introduced a pin-depends stanza to specify dependencies of certain off-trunk dependencies (i.e. a custom version of yyy). I just discovered that the opam-repository contains few packages with pin-depends, which I assume should not be there, applying the same rule above.

[AltGr]

The difference is that pin-depends is clearly specified to be effective only when the package gets pinned. So it is harmless when using the repository, and might be useful when using e.g. opam pin foo --dev (where it will become effective).

This said, leaving them could be a mistake, so I don't really have an opinion about adding a warning.