Avoid updating dependencies in `jh/Gemfile.lock` automatically
Problem to solve
This issue was brought up from https://gitlab.com/gitlab-jh/gitlab/-/issues/200#note_687880878, where we're using gitlab-jh/code-sync to update jh/Gemfile.lock automatically. That was done by https://gitlab.com/gitlab-jh/code-sync/-/merge_requests/12
However, this approach has a downside: while it can bring the dependencies in jh/Gemfile.lock up to date with Gemfile.lock, it also upgrades all JH-specific gems in jh/Gemfile automatically. This is like having an automated process update all the dependencies without making sure they pass CI first.
This can be more severe than it looks when it's using gems from Git:
- https://gitlab.com/gitlab-jh/gitlab/-/commit/77a779b24c5a296a3471f60654e12f584fc24743 (1.0.161 => 1.0.168)
- https://gitlab.com/gitlab-jh/gitlab/-/commit/f109d4a00a9f1e62f04aaea0cac598987d4cac75 (1.0.168 => 1.0.169)
- https://gitlab.com/gitlab-jh/gitlab/-/commit/9c0909f4f8fbf2dc8a0c5747acdf2f2da2256b64 (1.0.169 => 1.0.170)
In just a few days this brought the version from 1.0.161 to 1.0.170 automatically, before it had even passed CI.
Proposal
In the short term, we should lock tencentcloud-sdk-sms to a specific version in jh/Gemfile so its version will not be updated without our awareness.
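As an added example (not part of this issue or of the gitlab-jh/code-sync tool), a small CI guard that compares the old and new jh/Gemfile.lock and reports any watched JH-specific gem whose resolved version changed, so an automated lock update that silently bumps tencentcloud-sdk-sms is caught before merge. The lockfile contents and the Git remote below are constructed placeholders.

```ruby
# Map gem name => version for the top-level specs of a Gemfile.lock.
# Spec lines sit at exactly four spaces under a "specs:" line; six-space
# lines are a spec's own dependencies and are ignored. A blank line or an
# upper-case section header (GIT, GEM, PLATFORMS, ...) ends the specs block.
def lock_versions(lockfile)
  versions = {}
  in_specs = false
  lockfile.each_line do |line|
    in_specs = true if line.strip == "specs:"
    in_specs = false if line =~ /\A[A-Z]/ || line.strip.empty?
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    versions[m[1]] = m[2] if m
  end
  versions
end

# Return [[gem, old_version, new_version], ...] for watched gems whose
# resolved version differs between the two lockfiles (nil = gem absent).
def bumped_gems(old_lock, new_lock, watched)
  old_v = lock_versions(old_lock)
  new_v = lock_versions(new_lock)
  watched.map { |g| [g, old_v[g], new_v[g]] if old_v[g] != new_v[g] }.compact
end

# Constructed sample lockfiles; the remote and revision are placeholders,
# not the real tencentcloud-sdk-sms source.
OLD_LOCK = <<~LOCK
  GIT
    remote: https://git.example.invalid/tencentcloud-sdk-sms.git
    revision: 0000000000000000000000000000000000000000
    specs:
      tencentcloud-sdk-sms (1.0.161)
        json (>= 2.0)

  GEM
    remote: https://rubygems.org/
    specs:
      rake (13.0.6)
LOCK
NEW_LOCK = OLD_LOCK.sub("1.0.161", "1.0.170")
WATCHED = ["tencentcloud-sdk-sms"]

bumped_gems(OLD_LOCK, NEW_LOCK, WATCHED).each do |gem, old_v, new_v|
  warn "#{gem}: #{old_v} => #{new_v} bumped without a pin in jh/Gemfile"
end
```

In a CI job, run this against the lockfile from the target branch and the merge request's copy, and fail the job when the returned list is non-empty.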