CI: pin tox at the project level

New tox has a bunch of incompatibilities -- on master it's worth fixing
things so we can work in the new world, but on stable branches it seems
simplest to keep ourselves in the old world.

Do it at the project level to ensure the pin applies to the
periodic-stable jobs.

Also simplify our warning suppressions. The message filter is a regex,
so any prefix of the message will suffice. This allows us to also drop a
new message seen on CentOS 8:

   CryptographyDeprecationWarning: Python 3.6 is no longer
   supported by the Python core team. Therefore, support for
   it is deprecated in cryptography. The next release of
   cryptography (40.0) will be the last to support Python 3.6.

As we've previously seen with cryptography warnings, this can slow down
our probe tests to the point that they time out.

Change-Id: I316170442c67c1b4a5b87f9a1168cc04ca2417b8
(cherry picked from commit 5637dddcdd)
(cherry picked from commit 191bb266dc)

.zuul.yaml

@@ -617,6 +617,8 @@
        - swift-tox-func-py38-arm64
 
 - project:
+    vars:
+      ensure_tox_version: '<4'
     templates:
       - publish-openstack-docs-pti
       - periodic-stable-jobs

swift/__init__.py

@@ -79,13 +79,7 @@ if (3, 0) <= sys.version_info[:2] <= (3, 5):
 
 warnings.filterwarnings('ignore', module='cryptography|OpenSSL', message=(
     'Python 2 is no longer supported by the Python core team. '
-    'Support for it is now deprecated in cryptography, '
-    'and will be removed in a future release.'))
-warnings.filterwarnings('ignore', module='cryptography|OpenSSL', message=(
-    'Python 2 is no longer supported by the Python core team. '
-    'Support for it is now deprecated in cryptography, '
-    'and will be removed in the next release.'))
+    'Support for it is now deprecated in cryptography'))
 warnings.filterwarnings('ignore', message=(
     'Python 3.6 is no longer supported by the Python core team. '
-    'Therefore, support for it is deprecated in cryptography '
-    'and will be removed in a future release.'))
+    'Therefore, support for it is deprecated in cryptography'))

tools/playbooks/common/install_dependencies.yaml

@@ -35,14 +35,17 @@
     - name: install python modules with pip
       pip: name={{ item }} state=present extra_args='--upgrade'
       with_items:
-        - crudini
+        # For some reason, pip on py2 isn't smart enough to prevent us
+        # trying to install a too-new mock??
+        - 'mock<4'
+        # crudini pulls in iniparse which can conflict with distro-installed
+        # packages on centos7
+        - 'crudini<0.9.4'
+        # Order matters; install constrained versions *first*, then unconstrained
         - eventlet
         - nose
         - pyeclib
         - python-swiftclient
-        # For some reason, pip on py2 isn't smart enough to prevent us
-        # trying to install a too-new mock??
-        - 'mock<4'
 
     - name: install PasteDeploy - CentOS 7
       pip: name={{ item }} state=present extra_args='--upgrade'