[nodejs] Update npmInstall function to glob required files only

[kylewlacy]

The nodejs.npmInstall() function takes a source option, which the documentation hints should contain your full NodeJS project contents including source code. The current example in the documentation looks like this:

import * as std from "std";
import nodejs, { npmInstall } from "nodejs";

export default function () {
  // Get all the files for the NPM package
  const source = Brioche.glob("src", "package.lock", "package.json");

  // Install the dependencies
  const npmPackage = npmInstall({ source });

  // Run the build script and save the output from `dist/`
  return std.runBash`
    npm run build
    mv dist "$BRIOCHE_OUTPUT"
  `
    .workDir(npmPackage)
    .dependencies(nodejs());
};

Currently, the source project is passed in as-is to download dependencies using npm clean-install. This always works, but means that dependencies will be re-downloaded every time any source file changes in your project.

We should find a way to filter the source recipe to only use the files needed for fetching dependencies. In rust.cargoBuild() for instance, we use cargo chef as a "sanitizing step" before we fetch dependencies, leading to the same dependencies being re-used even if the source code changes.

A naive option would be to just use std.glob(source, ["package.json", "package-lock.json"]), which might work as a starting point but could cause issues if the project e.g. uses path dependencies. Ideally, we should find some holistic way to handle this: either by using a tool like cargo chef for NPM packages, or by analyzing the package.json file ourselves to determine what files we need to include.