With the move to GitLab, we lost the "easy" (slightly hacky) method of checking for unwanted dependencies by uninstalling dev dependencies and then running PHPStan from a Container. The new method of doing this is using a PHP dependency tracking tool, disallowing certain namespace-dependent dependencies in the Fundraising App:
Code in all namespaces starting with `WMDE\Fundraising\Frontend\` (except for code in `WMDE\Fundraising\Frontend\Test`) must not depend on namespaces of libaries listed as dev-dependencies in composer.json and must not depend on any class in the `WMDE\Fundraising\Frontend\Test` namespace.
In a followup ticket we can further improve our architecture rules (e.g. nothing in `src` may depend on code in `app` or `cli`, etc), but that's out of scope.
There are five candidates for dependency analysis:
* https://github.com/mamuz/PhpDependencyAnalysis
* https://github.com/j6s/phparch
* https://github.com/mihaeu/dephpend
* https://github.com/qossmic/deptrac
* https://github.com/carlosas/phpat
The decision on which library to use should be based on two criteria:
1. Does it allow to describe our restrictions? How readable and expressive is this description?
2. How fast is the analysis?