Requirements output different since 2023.7.1 causing pip install issues #5777

Closed
timhourigan opened this issue Jul 4, 2023 · 0 comments · Fixed by #5778

Issue description

The output of pipenv requirements --hash has changed slightly in 2023.7.1 (#5757) and pip appears to be sensitive to it in some scenarios, causing pip to be unable to install the package(s) from the generated requirements.txt.

Snippet of requirements.txt generated with 2023.6.26

pyzip==0.2.0 ; python_version >= '3.1' --hash=sha256:c0b10776d798e4be9d5fe6eec541dd0a9740b6550b12fd4cfa238a085686a298

Snippet of requirements.txt generated with 2023.7.1 - The hash is now before the marker

pyzip==0.2.0 --hash=sha256:c0b10776d798e4be9d5fe6eec541dd0a9740b6550b12fd4cfa238a085686a298; python_version >= '3.1'

Expected result

  • 2023.7.1 generates a requirements.txt as per 2023.6.26

Actual result

  • 2023.7.1 generates a slightly different requirements.txt

Steps to replicate

Pip successfully installs the package with the 2023.6.26 requirements.txt:

$ pipenv run pip --version
pip 23.1.2

$ cat requirements_2023.6.26.txt
pyzip==0.2.0 ; python_version >= '3.1' --hash=sha256:c0b10776d798e4be9d5fe6eec541dd0a9740b6550b12fd4cfa238a085686a298

$ pipenv run pip install -r requirements_2023.6.26.txt -t test_dir
Collecting pyzip==0.2.0 (from -r requirements_2023.6.26.txt (line 1))
  Using cached pyzip-0.2.0-py3-none-any.whl
Installing collected packages: pyzip
Successfully installed pyzip-0.2.0

Pip fails to install the package with the 2023.7.3 requirements.txt, thinking there is a hash mismatch even though it displays two identical shas:

$ pipenv run pip --version
pip 23.1.2

$ cat requirements_2023.7.1.txt
pyzip==0.2.0 --hash=sha256:c0b10776d798e4be9d5fe6eec541dd0a9740b6550b12fd4cfa238a085686a298; python_version >= '3.1'

$ pipenv run pip install -r requirements_2023.7.1.txt -t test_dir
Collecting pyzip==0.2.0 (from -r requirements_2023.7.1.txt (line 1))
  Using cached pyzip-0.2.0-py3-none-any.whl
  WARNING: The hashes of the source archive found in cache entry don't match, ignoring cached built wheel and re-downloading source.
  Using cached pyzip-0.2.0.tar.gz (6.3 kB)
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    pyzip==0.2.0 from https://files.pythonhosted.org/packages/40/72/e29470ecfb5f2bc8cdd2a1b8a6aa14af8d44aa08fe5efa407cd991ce2c64/pyzip-0.2.0.tar.gz (from -r requirements_2023.7.1.txt (line 1)):
        Expected sha256 c0b10776d798e4be9d5fe6eec541dd0a9740b6550b12fd4cfa238a085686a298;
             Got        c0b10776d798e4be9d5fe6eec541dd0a9740b6550b12fd4cfa238a085686a298

I will raise a PR with a fix for consideration.

timhourigan added a commit to timhourigan/pipenv that referenced this issue Jul 4, 2023
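
As an added example (not part of the original issue and not pipenv's or pip's code), the Python sketch below lints requirements lines for the layout reported above, where `--hash` comes before the `;` marker and the digest token ends in `;` as in pip's "Expected sha256 ...a298;" output, and rewrites such lines marker-first. The function names and the regex-based parsing are assumptions made for illustration; comments and URL requirements are not handled.

```python
import re

# Sample lines copied from the issue: 2023.6.26 layout and 2023.7.1 layout.
DIGEST = "c0b10776d798e4be9d5fe6eec541dd0a9740b6550b12fd4cfa238a085686a298"
OLD = f"pyzip==0.2.0 ; python_version >= '3.1' --hash=sha256:{DIGEST}"
NEW = f"pyzip==0.2.0 --hash=sha256:{DIGEST}; python_version >= '3.1'"

# Expected digest length in hex characters per algorithm.
HEX_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}
# Loose: takes the whole whitespace-delimited token, ';' included.
LOOSE_HASH = re.compile(r"--hash[= ](\w+):(\S+)")
# Strict: hex digits only, so a trailing ';' is left out of the digest.
STRICT_HASH = re.compile(r"--hash[= ](\w+):([0-9A-Fa-f]+)")


def lint_line(line):
    """Return a list of problems for one requirements.txt line."""
    problems = []
    first = line.find("--hash")
    if first != -1 and ";" in line[first:]:
        problems.append("environment marker follows a --hash option")
    for algo, digest in LOOSE_HASH.findall(line):
        want = HEX_LEN.get(algo)
        if want and not re.fullmatch(r"[0-9A-Fa-f]{%d}" % want, digest):
            problems.append(f"{algo} digest token is not {want} hex chars: {digest!r}")
    return problems


def marker_first(line):
    """Rewrite a line as 'spec ; marker --hash=...' (the 2023.6.26 layout)."""
    hashes = [f"--hash={a}:{d}" for a, d in STRICT_HASH.findall(line)]
    spec, sep, marker = STRICT_HASH.sub("", line).partition(";")
    out = [spec.strip()]
    if sep and marker.strip():
        out.append("; " + marker.strip())
    return " ".join(out + hashes)


if __name__ == "__main__":
    for name, line in (("2023.6.26", OLD), ("2023.7.1", NEW)):
        print(name, lint_line(line) or "ok")
    print(marker_first(NEW))
```

Running a check like this over generated requirements files in CI catches the layout before pip reports a hash mismatch at install time.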