Dep: Warn when project constraint is missing in Gopkg.toml

mmmm, almost - a [[constraint]] is useful if either a version rule OR a source rule is present. but other than that, yeah, this would be good to add 😁

Hey @sdboyer @darkowlzz can I pick this one up?

@JackyChiu go for it! 👍

@sdboyer @darkowlzz The importers make entries like this when a constraint version/branch cannot be determined. Here's the original PR where that behavior was introduced https://github.com/golang/dep/pull/901. If we are going to start warning about config that dep itself is generating, then we'll need to change the importers to do something different.

I can't find the original issue/discussion on why we use gps.any for the constraint, instead of ommitting it, but I thought it had to do with confusion around getting an empty manifest (but populated lock) after importing.

UPDATE: Found them: https://github.com/golang/dep/issues/149 and I think somewhere in this monster issue https://github.com/golang/dep/issues/213.

@carolynvs a quick update. I had a discussion with Sam about this and we decided to omit those projects from manifest for which we don't have proper/useful constraints.

Thanks for the quick clarification! I've created https://github.com/golang/dep/issues/1373 to get the importers tweaked to match and flagged it with help wanted.