Unpin tox #336

Closed
jmbowman opened this issue May 3, 2023 · 2 comments

jmbowman commented May 3, 2023

We pinned tox back in December because the 4.0.0 release broke most of our CI runs. It's quite possible that this has been resolved by now, so we should attempt to remove this pin (requested by Axim in https://openedx.slack.com/archives/C0497NQCLBT/p1682004301805179).

Proposed A/C:

  • Use the workaround from the Slack thread above to allow upgrading tox in edx-platform (chosen because it's the repo most likely to hit nasty corner cases in almost any upgrade). If CI fails with the latest version, spend a little time attempting to resolve.
  • If we can get edx-platform CI working with the latest tox release, merge the PR with those changes. If any changes were needed which are also likely to be needed in other repos upgrading to the latest version, announce them via all appropriate communications channels.
  • If all the above goes well, remove the pin from common_constraints.txt so other repos can upgrade tox normally.
  • Remove the edx-platform workaround for the common tox constraint, if it was merged.
@jmbowman jmbowman moved this to Todo in Arbi-BOM May 3, 2023
@jmbowman jmbowman added this to Arbi-BOM May 3, 2023
jmbowman (Author)

Another reason to get this done: the old version of tox depends on the py package, which has an outstanding security flaw. It doesn't impact us (only exploitable if used in conjunction with a Subversion repository), but it clutters up the security dashboard with issues we'll otherwise need to manually inspect and dismiss in dozens of repositories.

iamsobanjaved (Contributor)

We need the following issue to be done before we can remove the tox constraint from common constraints, because whitelist_externals is removed from tox version 4.0.0. Meanwhile, we can do the first step mentioned in the description: unpin explicitly in edx-platform by removing the tox constraint using a sed command in make upgrade.
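The two mechanical pieces of the plan above, as an added example (this is not edx-platform's Makefile or any edx repo's code): filtering the shared constraints file so a single repo can take the new tox, and locating and rewriting the tox.ini key that tox 4 dropped. The exact spelling of the tox pin in common_constraints.txt is not shown on this page, so the filter matches any line that constrains the tox package; the rename target allowlist_externals is the key tox accepts in place of whitelist_externals. The sample constraints and tox.ini contents in the usage comments are constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from edx-platform or edx/common_constraints.txt.
#   1. strip_tox_pin: drop the tox pin from a constraints file before
#      pip-compile sees it (the per-repo workaround from the comment above).
#   2. uses_removed_tox_key / migrate_tox_ini: find and rewrite the tox.ini
#      key that tox 4.0.0 removed (whitelist_externals -> allowlist_externals).
# The pin's exact text is not on the page, so the filter matches any line that
# constrains the "tox" package.
set -eu

# Print $1 (a pip constraints file) with every tox pin removed.
# Matches "tox<4", "tox==3.28.0", "tox[extras]>=3", "tox !=4.0.0", and a bare
# "tox", but not other packages whose names merely start with "tox".
strip_tox_pin() {
    sed -E '/^[[:space:]]*[Tt][Oo][Xx][[:space:]]*([<>=!~[]|$)/d' "$1"
}

# Exit 0 if $1 (a tox.ini) still sets whitelist_externals, which tox 4.0.0
# no longer accepts; exit 1 otherwise. Useful as a CI gate before unpinning.
uses_removed_tox_key() {
    grep -Eq '^[[:space:]]*whitelist_externals[[:space:]]*=' "$1"
}

# Rewrite whitelist_externals to allowlist_externals in $1, keeping a .bak copy.
# allowlist_externals is also accepted by tox 3.18+, so this change can land
# in a repo before the shared pin is lifted.
migrate_tox_ini() {
    sed -E -i.bak 's/^([[:space:]]*)whitelist_externals([[:space:]]*=)/\1allowlist_externals\2/' "$1"
}

# Usage from a Makefile "upgrade" target, after fetching the shared file
# (file names here are assumptions):
#   sh unpin_tox.sh common_constraints.txt > requirements/common_constraints.txt
#   uses_removed_tox_key tox.ini && migrate_tox_ini tox.ini
if [ "$#" -ge 1 ]; then
    strip_tox_pin "$1"
fi
```

Running the filter only in the one repo that is upgrading keeps the shared constraints file untouched for every other consumer; once that repo's CI is green on the new tox, the pin can be removed from the shared file and this filter deleted.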
