Avoid pruning unused dependencies for buf dep update

[doriable]

When running buf mod update, we want to include in the buf.lock deps
that have been configured in buf.yaml and may not be used yet. This is to
support workflows where a user can configure a dependency and buf dep update
before they use the newly configured dep in their proto definitions.

Prune does the following things right now:

• builds the workspace
• remove unused dependencies from the buf.lock
• check for dependencies not configured in buf.yaml that are present in buf.lock

The first step is necessary for buf dep update for tamper-proofing and validating
the build. However, the latter two steps are unnecessary -- we want to keep
unused dependencies and their transitive dependencies, and since dep update
gets the dependencies from buf.yaml and writes them into buf.lock, there
will not be dependencies present not from the buf.yaml, so that step is a
no-op.

So instead of running Prune, we validate the build after the logic for dep udpate
and we log out the unused dependencies as a warning to the users (but we do not
remove them).

[doriable]

Found something in testing today: when pulling in a new dependency that is not used yet, we do not pull in its transitive dependencies... I think this is expected/fine since you may not end up needing all transitive dependencies from the new dependency. But I wanted to note this.

[saquibmian]

I don't think this is right.

[saquibmian]

Minor comments

[pkwarren]

Changes look good - two minor comments.