Add documentation to purpose of protodep.lock

[nathan-shippo]

After using the tool and reading the documentation, I am unsure if protodep.lock should be checked in and the overall purpose that it serves. It is a generated file that seems to expand upon and further specify what is needed to define a dependency from the protodep.toml file. Also it seems to prevent changes to previously locked dependencies when updated in the toml file, when protodep up is called without -f. Using lock files in this was for dep management may be a common practice that is obvious to those who have run across this use of lock files, but for those like myself who aren't familiar, the documentation here is quite lacking on an explanation.
Personally I would want to always build based on the latest protodep.toml by always calling protodep up -f and disregard the protodep.lock file in source control.
I think it would help to add clarity in the README to (1) the purpose of the lock file, (2) if it should be checked in to the repo, and (3) when to force and not force update the proto deps.