django and other Docker Compose service images' base image versions must be pinned to the corresponding bugfix releases i.e. pinned down to the maximum attainable semver depth.
I've just been racking my brains trying to figure out why one of my projects' Docker Compose stacks has been failing with weird errors while exactly the same git state was successfully reproduced on my fellow teammates' machines hassle-free. Eventually, I figured out the app's image was relying upon python:3.6-alpine as base image -- the one I already had pulled to my host about a year ago. By contrast, some other developers' machines had been wiped clean beforehand, with all the Docker images pulled in fresh afterwards. Hence, their local setups had been using the now-latest python:3.6.6-alpine3.8 while my pre-existing python:3.6-alpine-matching base image was 9 months old.
Anticipating the possible objection on pinning minors rather than patches due to automatic pulling of bugfix releases -- what I've stumbled upon here renders such concerns irrelevant; besides, there are a number of automatic dependency management solutions, like pyup or dependencies.io, allowing one to strategize upgrade policies in an explicit rather than implicit manner.
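The drift described above (a stale `python:3.6-alpine` on one host, a fresh `python:3.6.6-alpine3.8` on another) is invisible in git, so it helps to catch loosely pinned `FROM` lines before they are committed. The following lint is an added example, not code from this thread or from the project it discusses: it reads Dockerfile content on stdin and reports each base image as `PINNED` (full `MAJOR.MINOR.PATCH` tag, or a `@sha256:` digest) or `UNPINNED` (a `MAJOR.MINOR` tag, `latest`, or no tag at all). The function name `check_from_pinning` and the sample Dockerfile lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): flag Docker base images whose
# tag is not pinned to a full MAJOR.MINOR.PATCH version or to a digest.
# Reads Dockerfile text on stdin, prints "PINNED <image>" or "UNPINNED <image>"
# per FROM instruction, and returns 1 if any base image is unpinned.
check_from_pinning() {
    unpinned=0
    while IFS= read -r line; do
        # Only FROM instructions name a base image; skip everything else.
        case "$line" in
            [Ff][Rr][Oo][Mm]" "*) ;;
            *) continue ;;
        esac
        # First word after FROM that is not a --flag (e.g. --platform=...);
        # this also drops a trailing "AS <stage>" alias.
        image=$(printf '%s\n' "$line" | awk '{ for (i = 2; i <= NF; i++) if ($i !~ /^--/) { print $i; exit } }')
        # A digest pin is the strongest form of pinning; accept it as-is.
        case "$image" in
            *@sha256:*) printf 'PINNED %s\n' "$image"; continue ;;
        esac
        # Strip any registry/namespace path (which may itself contain a port
        # such as "registry:5000/") so only "<name>[:<tag>]" remains.
        name=${image##*/}
        tag=${name#*:}
        # No ":" at all means the implicit ":latest" tag, i.e. not pinned.
        [ "$tag" = "$name" ] && tag=""
        # Require MAJOR.MINOR.PATCH, optionally followed by a variant suffix
        # such as "-alpine3.8".
        if printf '%s\n' "$tag" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([-.][A-Za-z0-9.]+)*$'; then
            printf 'PINNED %s\n' "$image"
        else
            printf 'UNPINNED %s\n' "$image"
            unpinned=1
        fi
    done
    return $unpinned
}

# Demo on a constructed Dockerfile: the first FROM reproduces the loosely
# pinned tag from the thread, the others show accepted forms.
check_from_pinning <<'EOF' || echo "some base images are not fully pinned"
FROM python:3.6-alpine
RUN pip install -r requirements.txt
FROM python:3.6.6-alpine3.8 AS builder
FROM --platform=linux/amd64 nginx@sha256:0123abcd
EOF
```

Run it as `check_from_pinning < compose/django/Dockerfile` in a pre-commit hook or CI job so an unpinned image fails the build. The rule deliberately demands three version components, matching the "maximum attainable semver depth" argument above; images whose upstream only publishes two-component versions would need the regex relaxed for that image, and a digest pin (`name@sha256:...`) sidesteps tag semantics entirely at the cost of being harder to read.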
Sounds good. Another automation solution I came across worth considering is renovate.
@browniebroke thank you for the input, didn't know about that one -- definitely gotta check it out.
@browniebroke only problem is, it doesn't work with GitLab repos (kinda personal preference, of course, irrelevant in general for CCD).
Looks like Dependabot is getting integrated into Github: https://dependabot.com/blog/hello-github/