Hashed packages should be able to participate in the hashing.
https://github.com/avajs/babel-preset-stage-4 for instance should be able to hash its own (installed) dependencies and have those be included in the final hash.
We should parse the `package.json` and look for a `package-hash` key. This should point to a module that exports at least a `sync()` function, but ideally also an `async()` function. These would be called as appropriate and should return (a promise for) a hash value, which is then included in the final hash.
`package-hash` itself should export a `prepareHasher()` method which accepts the same arguments as the main functions. This should return an object with `async()` and `sync()` functions, that can be used for the hash participation described above.
We should document that `package-hash` now has the capability of executing code in your dependencies, so it should not be used with untrusted dependencies. Of course we're already computing a git diff which carries its own (though smaller) risk.
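
A sketch of the synchronous half of this proposal, added here as an example and not taken from `package-hash` itself. The function names, the `trusted` allowlist and the path containment check are assumptions that are not part of the proposal; they show one way to limit which dependencies get their hook code executed.

```javascript
const { createHash } = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Hypothetical helper: returns the package's own hash contribution, or null.
// `trusted` is an assumed allowlist (Set of package names); the hook module is
// only loaded, and therefore only executed, for packages named in it.
function participantHashSync(pkgDir, trusted) {
  const pkg = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  const hook = pkg['package-hash'];
  if (typeof hook !== 'string' || !trusted.has(pkg.name)) return null;

  // Keep the hook inside the package directory; reject "../" escapes.
  const hookPath = path.resolve(pkgDir, hook);
  if (!hookPath.startsWith(path.resolve(pkgDir) + path.sep)) {
    throw new Error(`package-hash hook escapes ${pkg.name}`);
  }
  const mod = require(hookPath); // this line runs the dependency's code
  if (typeof mod.sync !== 'function') {
    throw new TypeError(`${pkg.name}: hook has no sync() export`);
  }
  return String(mod.sync());
}

// Final hash = base input plus the value returned by each participating package.
function finalHashSync(baseInput, pkgDirs, trusted) {
  const h = createHash('sha256').update(baseInput);
  for (const dir of pkgDirs) {
    const part = participantHashSync(dir, trusted);
    if (part !== null) h.update('\0' + part);
  }
  return h.digest('hex');
}

// Constructed sample package, written to a temp dir so the sketch runs offline.
function makeSamplePackage(name, hookValue) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pkg-'));
  fs.writeFileSync(path.join(dir, 'package.json'),
    JSON.stringify({ name, 'package-hash': './hasher.cjs' }));
  fs.writeFileSync(path.join(dir, 'hasher.cjs'),
    `exports.sync = () => ${JSON.stringify(hookValue)};`);
  return dir;
}
```

A package outside the allowlist contributes nothing to the final hash and its hook file is never passed to `require()`.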