Improve error handling when the verification file cannot be read Before this change, a failure to read the file would prevent the services from being initialized, which wasn't user friendly. Now the error is deferred when the actual resolution happens.
Add dependency verification mode This commit introduces a selection of the dependency verification mode. There are 3 different modes: strict (default), lenient and off.
The lenient mode has been added because dogfooding the feature showed it could be painful to udpate the dependency verification metadata file without such an option: often we want to diagnose why a dependency is here, but as soon as the dependency verification file is present, verification is active and immediately fails the build.
This effectively prevents from using the usual tooling to check where a dependency comes from. The workaround was to temporarily rename the file, run the build, then rename again, which was tedious.
So, instead of adding a mode where verification would be totally ignored, this commit introduces a mode where the errors are turned into warnings. This doesn't totally silence the problems, which makes them more visible to the developer.
The "off" mode is for use cases where users prefer not to deal with upgrades locally, but want to see verification happening on CI only.