feat: Support SOURCE_DATE_EPOCH

[kpcyrd]

• Ready for review
• Follows CONTRIBUTING rules
• Reviewed by Snyk internal team

What does this PR do?

Introduces support for $SOURCE_DATE_EPOCH to make the timestamps contained in the signal-desktop package distributed by Arch Linux deterministic, resolves #1536.

Where should the reviewer start?

Ensure src/lib/protect/datetime.js looks reasonable, afterwards verify the changes in src/lib/protect/patch.js and src/lib/protect/write-patch-flag.js that simply swap new Date() with datetime().

How should this be manually tested?

export SOURCE_DATE_EPOCH=0 and verify the snyk-*.flag files generated by snyk protect contain a datetime in 1970-01-01 instead of the current date. Afterwards unset SOURCE_DATE_EPOCH, delete node_modules/ and ensure the regular behavior didn't change.

Any background context you want to provide?

Further reading (if necessary):
https://reproducible-builds.org/docs/source-date-epoch/
https://reproducible-builds.org/docs/timestamps/
https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/timestamp

What are the relevant tickets?

#1536

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[kpcyrd]

hey! anything I can do here?

[ghost]

Looks like this is no longer an issue for Signal Desktop as they've removed snyk protect from their build process. I'll close this PR. Feel free to report any new issues to https://support.snyk.io.