Possibility of changing content_hash in lock file

[jbrantly]

Somewhat similar to the original issue in #642, my team has found that resolving merge conflicts in the pdm.lock file seems unnecessarily difficult due to the top-level content_hash property changing whenever dependencies are added or removed. This forces the merger to arbitrarily pick one of the hashes and then run pdm install or pdm lock --refresh to calculate a new hash.

I'm wondering if having the list of dependencies included in this hash calculation is really necessary? I know this project was inspired by npm and, for example, the package-lock.json file does not have a top-level hash and avoids this issue.

My assumption is that npm/node supports multiple versions of transitive dependencies at once and Python does not, so PDM needs to go through the whole resolving algorithm to make sure all version constraints are still satisfied? If that's the case, I can understand the need, but figured I'd start a discussion to make sure.