Ban upwardly open version ranges in dependencies on base
Fixes ticket #435. This is an approximation. It will ban most but not all cases where a package specifies no upper bound. There should be no false positives however, that is cases that really are always bounded above that the check flags up. Doing a fully precise test needs a little more work.