fix: set strictSSL on custom downloads from NPM config. Fixes #211

[mefellows]

Uses libnpmconfig to cascade through the various npm config layers and set the property on the download object.

Didn't like exporting the function in order to test it, but I needed a few tests around it at the time. Perhaps they can go now?

[TimothyJones]

useStrictSSL doesn't exist any more in this PR, I think? It's certainly not used in this file.

I tend to think that exporting things only for testing implies that the module cut points aren't right yet. Last time I was looking at modifying install.ts, I was thinking about refactoring it out to separate the different concerns. I didn't, because it was going to be substantial work that would be hard to test.

Pragmatically, I liked this change more when it had the tests, and I would like it even more if the config parts of install.ts were extracted to their own module. What do you think?

[mefellows]

Oh crap, yes I did remove that in the end. I'm surprised something didn't get upset about it (or maybe it did).

I tend to think that exporting things only for testing implies that the module cut points aren't right yet.

Agree (and hence my initial concern), but for a minor fix didn't want to refactor either! But also wanted tests.

To be honest, and this is definitely outside the scope of this, but the whole

1. Have to npm t before npm i is a bit strange
2. Have to npm t before npm run release (which also runs t anyway)

is a bit strange, and counter intuitive. I should be able to pull repo, npm it and be set 👌. I got tripped by this on the last release with the "checksum invalid" issue, only to realise that I needed to re-run all of the tests (which bring down all of the OS specific binaries).

I don't want all of this of course to get in the way of fixing a bug, so perhaps we create an issue, mark it as "help wanted" / "good first issue"?

[mefellows]

(I've fixed that broken import by the way)