Many customers today find they cannot import projects into Snyk, or keep using Snyk, once we enable lockfile support, because their projects are in an out-of-sync state (the package.json and the lockfile do not list the same dependencies, or the same versions of those dependencies).
What we do today:
if a package is declared in package.json but is not present in the lockfile, we throw an error and the project is rejected as out of sync
we do not compare package versions today (a package.json range that the locked version does not satisfy goes unnoticed), but perhaps we should get stricter
What we want to do:
Leave the CLI as it is today: a CLI user can simply run npm i to regenerate the lockfile and bring it back in sync
For SCM imports, relax the out-of-sync check and, as step 1, filter out the packages that are missing from the lockfile instead of failing. (Later we will fill in the gaps by resolving the missing packages against npmjs and assuming 'latest', as we used to.)
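The two behaviours above, strict for the CLI and relaxed for SCM, as an added illustration that is not Snyk's own code. The function and error names (resolveDeps, OutOfSyncError, lockedDeps) are hypothetical; the lockfile shapes it reads are the real package-lock.json layouts (lockfileVersion 1 uses a top-level "dependencies" map, v2/v3 use a "packages" map keyed by node_modules path). It also shows the minimal "stricter" version check from the point above, limited to exact pins because full range matching needs the semver package. The sample package.json and lockfiles are constructed for the example.

```javascript
// Added example (not Snyk's code): strict vs relaxed out-of-sync checking
// between package.json and package-lock.json.

class OutOfSyncError extends Error {
  constructor(missing) {
    super(`Dependencies missing from lockfile: ${missing.join(', ')}`);
    this.name = 'OutOfSyncError';
    this.missing = missing;
  }
}

// Top-level dependencies declared in package.json (name -> range).
function declaredDeps(pkgJson, includeDev = true) {
  const out = { ...(pkgJson.dependencies || {}) };
  if (includeDev) Object.assign(out, pkgJson.devDependencies || {});
  return out;
}

// Top-level package name -> resolved version from the lockfile.
// v1: top-level `dependencies` object keyed by name.
// v2/v3: `packages` object keyed by path; only "node_modules/<name>" (or
// "node_modules/@scope/<name>") entries are top-level, nested ones are not.
function lockedDeps(lockfile) {
  const out = {};
  if (lockfile.packages) {
    for (const [path, entry] of Object.entries(lockfile.packages)) {
      const m = /^node_modules\/((?:@[^/]+\/)?[^/]+)$/.exec(path);
      if (m) out[m[1]] = entry.version;
    }
  } else if (lockfile.dependencies) {
    for (const [name, entry] of Object.entries(lockfile.dependencies)) {
      out[name] = entry.version;
    }
  }
  return out;
}

// Exact-pin comparison only ("1.2.3" in package.json vs the locked version).
// Ranges like "^4.17.0" are skipped: matching them needs the semver package.
function pinnedMismatch(range, lockedVersion) {
  return /^\d+\.\d+\.\d+$/.test(range) && range !== lockedVersion;
}

// strict=true  (CLI behaviour): throw OutOfSyncError if any declared
//              dependency is absent from the lockfile.
// strict=false (SCM behaviour): drop the missing dependencies and report them
//              in `missing` so the caller can fill the gaps later.
// checkPinned=true additionally reports exact pins whose locked version differs.
function resolveDeps(pkgJson, lockfile, { strict = true, checkPinned = false } = {}) {
  const declared = declaredDeps(pkgJson);
  const locked = lockedDeps(lockfile);
  const resolved = {};
  const missing = [];
  const versionMismatches = [];
  for (const [name, range] of Object.entries(declared)) {
    if (!(name in locked)) {
      missing.push(name);
      continue;
    }
    if (checkPinned && pinnedMismatch(range, locked[name])) {
      versionMismatches.push({ name, declared: range, locked: locked[name] });
    }
    resolved[name] = locked[name];
  }
  if (strict && missing.length) throw new OutOfSyncError(missing);
  return { resolved, missing, versionMismatches };
}

// Constructed sample input: "lodash" is declared but absent from both
// lockfiles, and "debug" is pinned to a version the lockfile does not hold.
const SAMPLE_PKG = {
  dependencies: { express: '^4.17.0', lodash: '^4.17.0', debug: '4.3.4' },
  devDependencies: { jest: '^29.0.0' },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    express: { version: '4.17.1' },
    debug: { version: '4.3.3' },
    jest: { version: '29.7.0', dev: true },
  },
};
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { express: '^4.17.0', lodash: '^4.17.0', debug: '4.3.4' } },
    'node_modules/express': { version: '4.17.1' },
    'node_modules/debug': { version: '4.3.3' },
    'node_modules/jest': { version: '29.7.0', dev: true },
    'node_modules/jest/node_modules/chalk': { version: '4.1.2' }, // nested, not top-level
  },
};
```

Calling resolveDeps(SAMPLE_PKG, SAMPLE_LOCK_V1) throws OutOfSyncError naming lodash (the CLI path), while passing { strict: false } returns the three locked packages plus missing: ['lodash'] (the SCM path); the v3 lockfile yields the same result, and the nested chalk entry is correctly ignored.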