nodejs: add package.json support

[RTann]

Adds support for analyzing NodeJS packages in the form of npm package.json.

Note: This does not currently account for the package.json files being installed due to an rpm. In that case, the package.json file should not be scanned.

[crozzy]

Looks good, just a few comments

[codecov]

Codecov Report

Attention: 33 lines in your changes are missing coverage. Please review.

Comparison is base (7247afe) 52.43% compared to head (70d2937) 52.54%.

Files	Patch %	Lines
nodejs/packagescanner.go	66.23%	20 Missing and 6 partials ⚠️
nodejs/ecosystem.go	0.00%	5 Missing ⚠️
nodejs/coalescer.go	93.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #834      +/-   ##
==========================================
+ Coverage   52.43%   52.54%   +0.11%     
==========================================
  Files         221      224       +3     
  Lines       16893    17005     +112     
==========================================
+ Hits         8857     8936      +79     
- Misses       7224     7251      +27     
- Partials      812      818       +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[crozzy]

Just for posterity I believe the idea is that this could be merged but not enabled by default (at least until we have a better idea of how the large number of added package affects performance).

[crozzy]

This LGTM code-wise, could you add a test for the coalescer (akin the rhcc one)? It'd be good to get back into the habit as there is usually some interesting logic in them.