Invalidate lockfile when import map package requirements change

[dsherret]

It would by nice to give package requirements in a deno.json/import map the ability to invalidate the lockfile when they change. See #20868 for why.

This would require:

• Storing the package requirements found in the import map in the lockfile.

When the lockfile and import map differ, then:

1. If a package package requirement is added, it will invalidate the lockfile, keep the previous package requirements, and add the new one.
2. If a package package requirement is removed, it will invalidate the lockfile, keep the other requirements, and remove the requirement that was removed along with all its dependencies from the lockfile (part of the lockfile invalidation).
   • This assumes the package requirement is not used in a module directly elsewhere, which I think is ok. It will be added back automatically if so.
3. If a package requirement is changed, it will do both of the above steps.

[dsherret]

Oh, this was done in #22004