
Wit package name/version validated against registry publishes

Open macovedj opened this issue 9 months ago • 0 comments

Currently, when publishing a wit package, the string used at the top of the package declaration in the wit file does not need to correspond to the name or version that is being published to a registry.

When depending on a wit package, whatever string is used in the published package's wit file is what needs to be used in a reference. For example, whether we use use foo:bar.{some-type} or use foo:[email protected].{some-type} is determined by whether the package includes in its contents package foo:bar or package foo:[email protected], and it is possible for the author to inadvertently type a different name and/or version than what they specify when they publish to the registry when using tools other than wit.

I can't think of any downsides to enforcing that the wit namespace/name pair matches what is in the wit.toml (it would have to be added) at build/publish time, and I think it would reduce debug time if there are accidental mismatches.

As for the version numbers, I think that developers who are depending on a package need a way of knowing whether or not to include the pinned version in their use statements. I think the most straightforward approach might also be enforcing that the version is forced to match the wit.toml, but this would have the side effect of every package name in the registry always having a version.

I can go ahead and start on enforcing the namespace/name side, and if requiring that published packages incorporate a version number in their package name isn't problematic, I can implement that part as well.

macovedj, May 02 '24 17:05
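
A sketch of the publish-time check the issue proposes, added here as an illustration and not taken from cargo-component or the wit tool. The names `Mismatch`, `declared_package` and `check_publish` are hypothetical, and the name and version being published are passed in as plain strings because the issue notes that wit.toml does not carry them yet.

```rust
// Added example: compare a WIT file's package declaration with the publish request.
#[derive(Debug, PartialEq)]
pub enum Mismatch {
    NoPackageDecl,
    Malformed(String),
    Name { declared: String, publishing: String },
    Version { declared: Option<String>, publishing: String },
}

/// Extract ("namespace:name", optional version) from the first `package` line.
pub fn declared_package(wit: &str) -> Result<(String, Option<String>), Mismatch> {
    for line in wit.lines() {
        let line = line.split("//").next().unwrap_or("").trim(); // drop line comments
        let Some(rest) = line.strip_prefix("package ") else { continue };
        let id = rest.trim().trim_end_matches(';').trim();
        let (name, version) = match id.split_once('@') {
            Some((n, v)) => (n, Some(v.to_string())),
            None => (id, None),
        };
        // Loose identifier check (assumption): non-empty, ASCII alphanumerics and '-'.
        let ok = |s: &str| !s.is_empty()
            && s.chars().all(|c| c.is_ascii_alphanumeric() || c == '-');
        return match name.split_once(':') {
            Some((ns, pkg)) if ok(ns) && ok(pkg) => Ok((name.to_string(), version)),
            _ => Err(Mismatch::Malformed(id.to_string())),
        };
    }
    Err(Mismatch::NoPackageDecl)
}

/// Reject the publish when the declaration and the requested name/version disagree.
pub fn check_publish(wit: &str, name: &str, version: &str) -> Result<(), Mismatch> {
    let (declared, declared_version) = declared_package(wit)?;
    if declared != name {
        return Err(Mismatch::Name { declared, publishing: name.to_string() });
    }
    // Stricter policy floated in the issue: the declaration must carry the version.
    if declared_version.as_deref() != Some(version) {
        return Err(Mismatch::Version { declared: declared_version, publishing: version.to_string() });
    }
    Ok(())
}

fn main() {
    // Constructed input: the declared name drifted from the one being published.
    let wit = "package foo:baz@0.1.0;\ninterface types {}\n";
    println!("{:?}", check_publish(wit, "foo:bar", "0.1.0"));
}
```

Returning a structured mismatch rather than a boolean lets the publish command report both the declared and the requested value, which is the debugging cost the issue is trying to remove.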