Relock patches.lock.json on package install or update

[rajeshreeputra]

Description

Relates to/closes #479.

Related tasks

• Documentation has been updated if applicable
• Tests have been added
• Does not break backwards compatibility OR a BC break has been discussed in the related issue(s).

Other notes

Testing steps:

1. Add patch in root composer.json for package "vendor/a" with version 1.0.0
2. Require package using composer require vendor/a:~1.0.0
3. Now lock the patches.lock.json file using composer prl
4. Now apply patches using composer prp
5. Verify patch is applied to package(vendor/a)
6. Now remove patch from root composer.json for package "vendor/a"
7. Now update package using composer update vendor/a:~1.1.0
8. Verify that the patches.lock.json file is not updated
9. Verify composer-patches plugin trying to apply the patch to vendor/a package version 1.1.0
10. Now apply changes from PR to composer-patches plugin
11. Now update package using composer update vendor/a:~1.2.0
12. Verify that the patches.lock.json file is updated

[cweagans]

I don't think this is the right behavior. Updating an existing lock file should be an explicit action that somebody takes, not something that happens automatically.