[feature request] RO dependencies, or check for dirty for dependencies

[sigmuha]

For new users of bender, not being able to directly work on dependencies from the main repo might be confusing, especially if coming from a project using git submodules.
A way to ease the transition into the bender clone, bender snapshot workflow would be good. Two suggestions:

1. Make the dependencies from the .bender folder read only (RO) so that the user can't apply changes to it. This is the easiest solution but might introduce unexpected behavior:
   • Might mess with some synthesis tools?
   • Would mess with generated sources for the repo
2. Do a pass of the dependencies to check if they are dirty, before potentially overwriting changes during bender update
   • If the user has touched a repo in .bender it should be given an error stating that bender update would overwrite changes.
   • For the user to keep the changes instruct it on how to save the diff, do a bender clone, and reapply the diff in the cloned location.
     • This could be done automatically with bender clone? A flag would it wants to carry over the changes to a cloned version.
   • If the user wants to overwrite the changes a --force or -f flag could be introduced to bender update to override this behavior.