
Use `providers-api` when publishing Composer dependencies

Problem to solve

V2 of Composer offers performance and usability improvements. This includes a new API endpoint, the providers-api.

When given a package name, it returns a list of the other packages that list it as provided in the provide section of their composer.json file. For example, the package phalcon/cphalcon lists psr/log in its composer.json. If we request the providers-api for psr/log, we will see phalcon/cphalcon listed in the response.

The problem is that the GitLab Package Registry does not currently support using this field.

Proposal

Add support for providers-api so that the GitLab registry supports all of the functionality in v2 of Composer.

Further details

This is a non-trivial update. Currently, we store the entire composer.json file as jsonb in the packages_composer_metadata table. So at the group level, we would need to query the composer_json value of every package in the group to find matches in the provide section. This would not scale to large groups. The solution is to store the providers in a separate table of metadata. Possible implementation:

MR Plan

  1. Create composer_providers, which simply contains a package_id and a provider_id, where the provider_id points to another package in the group.
  2. Update existing package creation code to insert values into the providers table.
  3. Background migration to backfill providers table for existing packages.
  4. Add providers-api route: /api/v4/groups/:id/-/packages/composer/providers/*package_name to display the providers of a given package.
Edited by Steve Abrams
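
A sketch of the MR plan above as an added example, not GitLab's code: provider rows are derived once from each composer.json, and lookups read only those rows. The package data is constructed, all method names are hypothetical, and reading package_id as the provided package and provider_id as the package that provides it is an assumption.

```ruby
require 'json'

# Constructed sample rows, shaped like packages_composer_metadata entries.
PACKAGES = [
  { id: 1, name: 'psr/log',          composer_json: '{"name":"psr/log"}' },
  { id: 2, name: 'phalcon/cphalcon', composer_json: '{"name":"phalcon/cphalcon","provide":{"psr/log":"1.1.0"}}' },
  { id: 3, name: 'acme/logger',      composer_json: '{"name":"acme/logger","provide":{"psr/log":"^1.0","psr/cache":"*"}}' },
  { id: 4, name: 'acme/broken',      composer_json: '{"name":"acme/broken","provide":["psr/log"]}' }
].freeze

# Names in the provide section. composer.json is publisher-controlled input,
# so a missing, non-object or unparsable section yields no names.
def provided_names(composer_json)
  provide = JSON.parse(composer_json)['provide']
  provide.is_a?(Hash) ? provide.keys : []
rescue JSON::ParserError, TypeError
  []
end

# Steps 2 and 3: build composer_providers rows at publish or backfill time.
# Provided names with no package in the group are skipped, because the
# proposed table can only point at existing packages.
def build_provider_rows(packages)
  ids = packages.to_h { |p| [p[:name], p[:id]] }
  packages.flat_map do |pkg|
    provided_names(pkg[:composer_json]).filter_map do |name|
      target = ids[name]
      { package_id: target, provider_id: pkg[:id] } if target && target != pkg[:id]
    end
  end
end

# Step 4: answer a lookup from the rows alone, without parsing composer.json.
def providers_for(name, packages, rows)
  target = packages.find { |p| p[:name] == name }
  return [] unless target
  names = packages.to_h { |p| [p[:id], p[:name]] }
  rows.select { |r| r[:package_id] == target[:id] }.map { |r| names[r[:provider_id]] }.sort
end

# The per-request scan of every composer_json, kept only as a cross-check.
def providers_by_scan(name, packages)
  packages.select { |p| provided_names(p[:composer_json]).include?(name) }.map { |p| p[:name] }.sort
end

ROWS = build_provider_rows(PACKAGES)
puts providers_for('psr/log', PACKAGES, ROWS)
```

Under this reading of the schema, psr/cache gets no row because no package with that name exists in the group, so the index and the full scan differ for names that are only ever provided.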