Write our own minimum copy of npm in Python to remove dependency on Node.js during installation #129

Draft: wants to merge 10 commits into base: main

Xmader
Member

@Xmader Xmader commented Jul 19, 2023

closes #116

@Xmader Xmader changed the title from "Write our own minimum copy of npm in Python to remove dependency on Node.js" to "Write our own minimum copy of npm in Python to remove dependency on Node.js during installation" Jul 19, 2023
@wesgarland
Collaborator

wesgarland commented Jul 19, 2023

There must be a simpler way to handle the error condition of npm not existing than to write and ship a replacement package manager. How about sys.exit('npm not found - please install and pip install pythonmonkey again')?

If we were to ship this, it would need to

  • resolve packages in a way that conflicting version numbers in dependencies work properly by virtue of node_modules. (i.e. naive path flattening is not good enough)
  • fire npm hooks correctly
  • support npm audit
  • interoperate correctly with Tidelift
  • support pminit npm i <user package> after install
  • resolve the latest package names that match package.json, not package-lock.json.
  • never, ever, have a versioning bug that can miss an update and expose Distributive to legal liability problems from a third party

Those last two are why I don't want to ship packages with the wheel. Besides shipping cool software, I need to protect the company from ever being associated with a security problem, e.g. getting mentioned in a CVE vulnerability report. This could seriously harm our ability to carry out our core business in the future.

Some day, I would like to have enough node-compatibility capability to actually run npm via pythonmonkey. We could maybe use pmpm to install npm as a special bootstrap case, since it has no dependencies. But we are quite a ways off from this, and we really need to focus on getting dcp-client running in web-compatibility mode before that.
Is there perhaps a way we can pass a command-line switch into pip that changes the package manager?
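
The first requirement in the comment above (conflicting dependency versions must coexist through nested node_modules, so naive path flattening is not enough) can be seen in a small model. This is an added example, not code from the pull request or from npm; the package names, versions, and the `REGISTRY`, `install_flat`, `install_nested`, `resolve` and `mismatches` names are constructed for illustration, and exact versions stand in for semver ranges.

```python
# Added example: constructed packages; exact versions stand in for semver ranges.
REGISTRY = {  # (name, version) -> {dependency name: required version}
    ("app", "1.0.0"): {"a": "1.0.0", "b": "1.0.0"},
    ("a", "1.0.0"): {"util": "1.0.0"},
    ("b", "1.0.0"): {"util": "2.0.0"},
    ("util", "1.0.0"): {},
    ("util", "2.0.0"): {},
}
ROOT = ("app", "1.0.0")

def resolve(tree, base, name):
    """Node-style lookup: base/node_modules/name, then each enclosing package dir."""
    while True:
        path = f"{base}/node_modules/{name}".lstrip("/")
        if path in tree:
            return tree[path]
        if not base:
            return None
        base = base.rpartition("/node_modules/")[0] if "/node_modules/" in base else ""

def install_flat(root):
    """Naive flattening: a single node_modules directory, first version seen wins."""
    tree, queue = {}, [root]
    while queue:
        pkg = queue.pop(0)
        for name, want in REGISTRY[pkg].items():
            if f"node_modules/{name}" not in tree:
                tree[f"node_modules/{name}"] = want
                queue.append((name, want))
    return tree

def install_nested(root):
    """Hoist when nothing is visible yet; nest under the dependent on a conflict."""
    tree, queue = {}, [(root, "")]
    while queue:
        pkg, base = queue.pop(0)
        for name, want in REGISTRY[pkg].items():
            got = resolve(tree, base, name)
            if got == want:
                continue  # already satisfied by an enclosing node_modules
            path = f"node_modules/{name}" if got is None else f"{base}/node_modules/{name}"
            tree[path] = want
            queue.append(((name, want), path))
    return tree

def mismatches(tree, root):
    """List (dependent dir, dependency, wanted, got) wherever lookup returns the wrong version."""
    installed = [("", root)] + [(p, (p.rpartition("node_modules/")[2], v)) for p, v in tree.items()]
    return [(base, name, want, resolve(tree, base, name))
            for base, pkg in installed for name, want in REGISTRY[pkg].items()
            if resolve(tree, base, name) != want]
```

With the flat layout, `b` silently loads `util` 1.0.0 instead of the 2.0.0 it requires, which is the kind of missed version the comment is concerned about; the nested layout resolves every dependency to the required version.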

@Xmader Xmader marked this pull request as draft July 20, 2023 18:25
@wiwichips
Collaborator

This MR is set to draft and will not be revisited until later - see comment here: #129 (comment)

@Xmader Xmader mentioned this pull request May 8, 2024
@Xmader
Member Author

Xmader commented May 8, 2024

I've made the CI green, so that we could easily continue the work later.

@Xmader Xmader force-pushed the Xmader/feat/npm-py branch from d0ecd67 to 2b99eeb May 8, 2024 20:50
Successfully merging this pull request may close these issues.

Missing npm should print better error during pip install