[Feature] Implement modular cache system, referencing PNPM's model

[Qonfused]

Follow-up to #4 (comment).

The basic idea is to add an additional packages scope under the lock file that contains filepath locations to either a (project) local or global cache, which can store additional metadata and checksums useful for revalidating cache and avoiding duplicate external requests. This will additionally update the cacheKey to ensure updated caches cooperate with external caching systems (e.g. through GitHub Actions).

Additionally, by performing a check against the stored checksum (when updating cache), this approach can harden security against supply chain attacks by leveraging these checksums as a source of truth for the package contents. This addresses a potential concern raised in #4 (comment) without much additional work to the caching model.