Do not require cached packuments to construct npm resolution from the lockfile

[dsherret]

If we store more information in the lockfile it should be possible to not need to reach into the global cache to get information for running a Deno program that already has the tarballs cached.

Right now we load:

• cpu, os
• dependencies
• dist
• optional dependencies
• bin
• scripts
• deprecated

But probably in the case that the tarballs are cached we can avoid reading the packuments entirely and only require reading them for npm resolution or for fetching the tarballs (Ideally we don't store tarball urls in the lockfile because it can lead to someone changing urls in the lockfile to cause security issues).

This would require a new lockfile version.

Also, we should investigate how we optimize for these three scenarios:

1. information required when everything is cached (this issue)
2. information required when doing npm resolution
3. information required when the package itself is not cached (info to download tarballs)

It might mean doing something like downloading the packument and then creating a subset from it (ex. a shortened version of the packument that only has the information we need).

Related:

• Vendored npm dependencies fail while offline. #24322
• perf(npm): optimize loading npm resolution snapshot from lockfile by only loading necessary version info #27261