Download npm modules on demand

[squaremo]

Instead of making people construct npm scaffolding (package.json, package-lock.json, npm-shrinkwrap.json), as in #232 we could just download things from npm when mentioned in an import.

Since we know imports statically, we can do this ahead of time, even. jk import fetch ./index.js

Since third-party modules will not know about this, it has to work with import statements as they are used now -- i.e., we can't require a special syntax. Though possibly we could resolve with respect to a base, so if index.js imports npm://handlebars/lib/handlebars then anything that imports could be relative to npm://. Maybe.

[squaremo]

More thoughts:

• if a downloaded package has a package.json, jk should probably try to respect it (packages won't have package-lock.json, because npm publish doesn't include them)
• will this need a solver (and a lock file itself), like go mod?