
Ensure our generated tar files are reproducible

Open andir opened this issue 2 years ago • 0 comments

Right now we are using the file system's order when creating tar files (e.g. for Git dependencies). We should at least provide the --sort flag to the tar command:

       --sort=ORDER
              When creating an archive, sort directory entries according to ORDER, which is one of none, name, or inode.

              The default is --sort=none, which stores archive members in the same order as returned by the operating system.

              Using --sort=name ensures the member ordering in the created archive is uniform and reproducible.

              Using --sort=inode reduces the number of disk seeks made when creating the archive and thus can considerably speed up archivation. This sorting order is supported only if the underlying system provides the necessary information.

Code that has to be adjusted: https://github.com/nix-community/npmlock2nix/blob/a91bc6ccbb1ba35d608cca5ed121d867bd260aaf/internal.nix#L77

It is worth checking what other options we should be setting. Perhaps nixpkgs already has this solved for us.

andir avatar Sep 13 '21 13:09 andir
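As an added example (not npmlock2nix's own code), this is the set of GNU tar flags the reproducible-builds convention pairs with --sort=name, plus a check that two trees holding the same files, created in a different order and with different mtimes, yield byte-identical archives. It assumes GNU tar 1.28 or newer (for --sort) and sha256sum; the function names are mine.

```shell
#!/usr/bin/env sh
# Added example, not npmlock2nix code. Produces a tarball whose bytes do not
# depend on readdir order, file mtimes, or the uid/gid of the build user.
set -eu

# reproducible_tar SRC_DIR OUT_FILE
reproducible_tar() {
    src="$1"; out="$2"
    # --sort=name        member order independent of the file system's order
    # --mtime            pin every timestamp (SOURCE_DATE_EPOCH, else 1970-01-01)
    # --owner/--group    drop the build user's identity from the headers
    # --format=posix     explicit format; pax headers would otherwise carry the
    #                    tar PID in their name and atime/ctime in their body,
    #                    so both are neutralised with --pax-option
    LC_ALL=C tar \
        --sort=name \
        --mtime="@${SOURCE_DATE_EPOCH:-0}" \
        --owner=0 --group=0 --numeric-owner \
        --format=posix \
        --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
        -cf "$out" -C "$src" .
}

# Two trees with identical content but different creation order and mtimes
# must hash to the same archive. Sample files are constructed inline.
check_reproducible() {
    work=$(mktemp -d)
    mkdir -p "$work/a/pkg" "$work/b/pkg"
    printf 'x' > "$work/a/pkg/index.js"; printf '{}' > "$work/a/pkg/package.json"
    printf '{}' > "$work/b/pkg/package.json"; printf 'x' > "$work/b/pkg/index.js"
    touch -d '2001-01-01' "$work/b/pkg/index.js"   # mtime differs on purpose
    reproducible_tar "$work/a" "$work/a.tar"
    reproducible_tar "$work/b" "$work/b.tar"
    ha=$(sha256sum "$work/a.tar" | cut -d' ' -f1)
    hb=$(sha256sum "$work/b.tar" | cut -d' ' -f1)
    rm -rf "$work"
    [ "$ha" = "$hb" ]
}
```

Dropping any one of the flags (try removing --mtime) makes check_reproducible fail, which is a quick way to see which part of the tar header was leaking build-machine state.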