command/init: Read, respect, and update provider dependency locks

This changes the approach used by the provider installer to remember
between runs which selections it has previously made, using the lock file
format implemented in internal/depsfile.

This means that version constraints in the configuration are considered
only for providers we've not seen before or when -upgrade mode is active.

internal/providercache/cached_provider.go

@@ -50,7 +50,7 @@ func (cp *CachedProvider) Hash() (getproviders.Hash, error) {
 // MatchesHash returns true if the package on disk matches the given hash,
 // or false otherwise. If it cannot traverse the package directory and read
 // all of the files in it, or if the hash is in an unsupported format,
-// CheckHash returns an error.
+// MatchesHash returns an error.
 //
 // MatchesHash may accept hashes in a number of different formats. Over time
 // the set of supported formats may grow and shrink.
@@ -58,6 +58,16 @@ func (cp *CachedProvider) MatchesHash(want getproviders.Hash) (bool, error) {
 	return getproviders.PackageMatchesHash(cp.PackageLocation(), want)
 }
 
+// MatchesAnyHash returns true if the package on disk matches the given hash,
+// or false otherwise. If it cannot traverse the package directory and read
+// all of the files in it, MatchesAnyHash returns an error.
+//
+// Unlike the singular MatchesHash, MatchesAnyHash considers unsupported hash
+// formats as successfully non-matching, rather than returning an error.
+func (cp *CachedProvider) MatchesAnyHash(allowed []getproviders.Hash) (bool, error) {
+	return getproviders.PackageMatchesAnyHash(cp.PackageLocation(), allowed)
+}
+
 // HashV1 computes a hash of the contents of the package directory associated
 // with the receiving cached provider using hash algorithm 1.
 //