Update requirements for Pip install

This MR tightens the version constraints to avoid known vulnerabilities for cryptography, requests, and setuptools, for standard pip/conda installs of this project.

Debian and RedHat packages will use whatever versions of those projects come with the distribution under the assumption that the distribution maintainers are actively patching serious vulnerabilities