Handle package duplication and shadowing
This behavior was originally written for supporting `sys.path` instead of `site.getsitepackages()`: It's currently not load-bearing, but it is correct deduplication if we need to add more paths to the package discovery in the future.
With this change the behavior of `uv pip list` mirrors the behavior of `pip list`: It shows only the first package in `sys.path`, which is the package that Python will load, and ignores the others.
In the JSON output, we show all packages, but tagged with a `shadowed` bool. The exception is `--outdated`, in which case we only check if the main packages are outdated (updating shadowed packages is ineffective). The consumer is responsible for filtering on `shadowed` if applicable.
We show a hint (stderr, not stdout like the main output), if shadowed packages exist.
The logic includes handling of the fedora lib/lib64 venv split.
