fix: mismatched pnpm lockfile version resolution (#3611)
Fixes #3564
I created a regression when adding support for pnpm `lockfileVersion: 6`
that caused us to not include some indirect dependencies of a workspace.
A package would be missing only if a workspace had a direct dependency
on the package that was also included as an indirect dependency where
the version ranges didn't overlap. See the new test fixture for a basic
version of how this could occur.
Huge thanks to @shawnmcknight for providing a reproduction!
