Issue #1465
closed
All versions in pulp get associated during sync, even if not in remote feed
Description
During sync, there is a check to see if each package has versions already in pulp, but not associated with the repo. The importer incorrectly associates ALL versions that are in pulp, instead of only the ones in the upstream feed.
To reproduce:
- sync a package by name from PyPI to repo "foo"
- create a new package with the same name but a unique and scary version (perhaps 0.0.93.soclose), and upload it to repo "bar"
- sync repo "foo" again
- note that your scary new uploaded version found its way into repo foo!
The offending code is here: https://github.com/pulp/pulp_python/blob/pulp-python-1.0.1-1/plugins/pulp_python/plugins/importers/sync.py#L101
It fails to limit "versions_to_associate" to only versions in "all_versions".
I noticed this because of package "numpy" at version "1.10.0.post2". This bug is masking a different bug, where that package sometimes is detected as version "1.10.0.post2", and sometimes as just "1.10.0", and as a result would fail to be associated during sync when already present in pulp, but not in the current repo.
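The set logic behind the report, as an added example that is not part of the original issue and is not the pulp_python code at the linked line. It models the described behaviour next to a version that limits "versions_to_associate" to "all_versions", plus an audit check for a repo populated only by sync; all function names and the sample state are assumptions made for illustration.

```python
# Added illustration, not pulp_python code. Only versions_to_associate and
# all_versions are names from the report; everything else is hypothetical.

def plan_sync_buggy(all_versions, in_pulp, in_repo):
    """Model of the reported behaviour: anything stored in Pulp but missing
    from the repo is associated, whether or not the feed lists it."""
    versions_to_associate = set(in_pulp) - set(in_repo)
    versions_to_download = set(all_versions) - set(in_pulp)
    return versions_to_associate, versions_to_download


def plan_sync_fixed(all_versions, in_pulp, in_repo):
    """Limit association to versions the feed actually offers."""
    feed = set(all_versions)
    versions_to_associate = (feed & set(in_pulp)) - set(in_repo)
    versions_to_download = feed - set(in_pulp)
    return versions_to_associate, versions_to_download


def repo_after_sync(plan, all_versions, in_pulp, in_repo):
    """Repo contents once the planned associations and downloads are applied."""
    associate, download = plan(all_versions, in_pulp, in_repo)
    return set(in_repo) | associate | download


def leaked_versions(all_versions, repo_versions):
    """Audit for a sync-only repo: versions the feed never offered."""
    return set(repo_versions) - set(all_versions)


# Constructed sample state for one package name.
FEED = {"1.0", "1.1", "1.2"}                 # all_versions from the remote feed
IN_PULP = {"1.0", "1.1", "0.0.93.soclose"}   # every unit stored in Pulp
REPO_FOO = {"1.0"}                           # repo "foo" before the second sync

if __name__ == "__main__":
    for plan in (plan_sync_buggy, plan_sync_fixed):
        after = repo_after_sync(plan, FEED, IN_PULP, REPO_FOO)
        print(plan.__name__, sorted(after), "leaked:",
              sorted(leaked_versions(FEED, after)))
```

The audit only makes sense for repos that receive content through sync alone; a repo that also accepts direct uploads will legitimately hold versions the feed does not list.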
Related issues
converted to use mongoengine
fixes #877 fixes #1465
https://pulp.plan.io/issues/877 https://pulp.plan.io/issues/1465
1465 was fixed by accident in the course of doing the conversion