Factor out npmrc handling

[zanerock]

Overview

In order to install bats (hosted on GitHub as an npm package) into the test docker image, we fudge around with the user's npmrc file. This means we have to worry about cleaning up sensitive data which, under some circumstances, could be left sitting around as bits on the machine. This is not ideal, but considered a relatively low priority at the moment because:

1. We don't expose the text of the file (which would make it viewable through docker history).
2. We do a reasonable job of cleaning up so it should almost never be left hanging around.

The main issue is that our cautious handling is still rather fragile. E.g., if we wanted to change the name of the file, we would have to correctly coordinate changes from multiple places. And since this is something we want to test, it's not unit tested. So we do need to get rid of it.

Deliverables

• Download and/or install the @bats-core/bats package locally.
• Generate a local package file suitable for non-network/standalone installation. Consider using this bundler script or something like it to reliably prepare packages.
• Expose the build package to the context, copy and install in Dockerfile.
• Avoid exposing the whole staging/intermediate build work to the Docker build context. Increasing the size of the build context decreases the Docker build efficiency.
• Audit that all references to NPMRC have been removed.

Notes

• I do not believe it is necessary to do anything special with the @bats-core/bats-support and @bats-core/bats-assert libraries we also use. Those are just cloned from GitHub and loaded within the .bats scripts.

[zanerock]

moot with new implementation