summary.allDependencies include dev_dependencies

[jonasfj]

https://pub.dev/packages/googleclouddatastore/pubspec

has summary.allDependencies that includes protoc-plugin.

Context: I noticed this because I have APIs that sanitizes output from pana, and protoc-plugin is not a valid package name, so it complained.

IMO, summary.allDependencies should be all packages that when updated may affect the analysis of this package.
Or we should introduce another property on summary that is dependencies as a list of package names that when updated should trigger reanalysis.

[isoos]

Based on the current uses of Summary.allDependencies, I think we may leave out the dev dependencies out of it.

However, while checking the uses of it, I've found that we also add the dev dependencies to the search index without verification: _buildDependencies in https://github.com/dart-lang/pub-dev/blob/master/app/lib/search/backend.dart#L169. We should either provide the fully verified dependencies map through pana, or not add those values to the search index.

[sigurdm]

Seems to still be the case: https://pub.dev/api/packages/googleclouddatastore/metrics?pretty