Minder's dependency extractor interface takes an fs.FS filesystem and walks through it, returning dependency data from any source it finds. The whole-filesystem approach makes it hard for rules that need to evaluate only dependencies sourced from a subpath of the code base. The best example of this is a monorepo, where many projects are hosted in the same repository.
To solve this we should add a setting to the dependency extractor options (these don't exist yet) with a path we could use to restrict the scanning process. There are several ways of approaching this:
- Support fs.SubFS: The problem here is that we reduce the kinds of filesystems we can feed to the extractor (not all fs.FS implementations support SubFS).
- Filter results: This means inefficiently scanning the directories that are out of scope.
- A mix of both
- Another method
The path could also be a file.
This is useful when we know the exact source of dependencies (e.g. requirements.txt in Python projects). In this case we could scope the extractor scanning process to only act on that file.
Related to #5127
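An added Go sketch of the scoping discussed in this issue, not Minder's code: `ScopedSources`, `manifests`, `openOnly` and the sample tree are hypothetical and constructed for illustration. It relies on the standard library's `fs.Sub`, which also works for a filesystem that does not implement `fs.SubFS`, rejects a scope that leaves the root, and treats a file path as a scope of exactly one file.

```go
package main

import (
	"fmt"
	"io/fs"
	"path"
	"testing/fstest"
)

// manifests is a hypothetical set of file names treated as dependency sources.
var manifests = map[string]bool{"go.mod": true, "requirements.txt": true, "package.json": true}
// openOnly exposes only Open, hiding fs.SubFS and other optional interfaces.
type openOnly struct{ fs.FS }

// sampleRepo returns a constructed monorepo layout, not a real repository.
func sampleRepo() fs.FS {
	return openOnly{fstest.MapFS{
		"go.mod":                        {Data: []byte("module example.test/mono\n")},
		"services/api/requirements.txt": {Data: []byte("flask==3.0.0\n")},
		"services/api/src/app.py":       {},
		"services/web/package.json":     {Data: []byte("{}")},
	}}
}

// ScopedSources lists dependency sources under scope ("", a directory or one file).
func ScopedSources(fsys fs.FS, scope string) ([]string, error) {
	if scope = path.Clean(scope); !fs.ValidPath(scope) {
		return nil, fmt.Errorf("scope %q is outside the filesystem root", scope)
	}
	info, err := fs.Stat(fsys, scope)
	if err != nil {
		return nil, err
	}
	if !info.IsDir() {
		return []string{scope}, nil // file scope: only this file, nothing is walked
	}
	sub, err := fs.Sub(fsys, scope) // uses SubFS if implemented, else wraps Open
	if err != nil {
		return nil, err
	}
	var found []string
	err = fs.WalkDir(sub, ".", func(p string, d fs.DirEntry, err error) error {
		if err == nil && !d.IsDir() && manifests[d.Name()] {
			found = append(found, path.Join(scope, p)) // report repo-relative paths
		}
		return err
	})
	return found, err
}

func main() { fmt.Println(ScopedSources(sampleRepo(), "services/api")) }
```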