Packages: come up with robust solution to deal with deleted/updated package contents

Created by: olafurpg

Currently, we cache the contents of a package version in gitserver and don't send more HTTP requests to re-fetch the contents assuming it's immutable. However, it's false to assume that all package hosts are immutable. Artifactory typically permits updating or deleting packages, and public hosts like crates.io reserve the right to exceptionally remove or update published crates.

By not fixing this issue, we risk displaying package contents that inaccurately reflect the contents upstream on the package host. For example, this could cause problems for security researchers who are using Sourcegraph to perform security audits of packages. However, it's worth noting that nobody executes the code from Sourcegraph packages so when a package is deleted/updated due to security vulnerabilities, the vulnerability won't be executed due to how Sourcegraph shows stale contents from package hosts.