[ANE-1166] Support lock-file v6 for pnpm

[meghfossa]

Overview

This PR,

• Adds support for pnpm lock-file: 6.0, which is default format with pnpm 8.x.

Sibling PR: fossas/example-projects#10

Acceptance criteria

As a user,

• I can analyze pnpm project using lock-file, with6.0
• I can analyze pnpm workspace project using lock-file, with6.0

Testing plan

I added automated tests.

• You can also test by performing fossa analyze -o against any pnpm project using 8.x

For example,

# Make fossa-cli
git pull origin && git checkout feat/pnpm-lock-v6 && make install-dev

# Get cases
cd ..
git clone -b feat/adds-pnpm-v6 git clone https://github.com/fossas/example-projects

# Analyze
fossa-dev analyze ./example-projects/javascript/pnpm-v6/ -o | jq
fossa-dev analyze ./example-projects/javascript/pnpm-v6-workspace/ -o | jq

Let's take popular project:

git clone https://github.com/vitejs/vite.git --depth 0
cd viite && fossa-dev analyze -o --only-target pnpm@./

There is also example: https://fossa.atlassian.net/browse/ANE-1166

Risks

N/A

Metrics

N/A

References

https://fossa.atlassian.net/browse/ANE-1166

Checklist

• I added tests for this PR's change (or explained in the PR description why tests don't make sense).
• If this PR introduced a user-visible change, I added documentation into docs/.
• If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
• If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
• If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

[jssblck]

The v4/v7 handling is the only hard blocker here unless there's good reason for it working the way it does (or I'm misunderstanding).