fix(arborist): check placed node children for missing deps (#7746)

[TrevorBurnham]

This addresses an edge case where a dep could be placed in the tree with unsatisfied indirect dependencies (see test case), by adding the children of placed deps to the #depsQueue.

See #7746 for details on this bug. As far as I know, this situation only occurs if the lockfile has been manipulated outside of npm; even so, I believe it's worth addressing within npm in order to ensure that the state of the lockfile is consistent (i.e. running npm install more than once does not change the result).

This is my first time working with the npm codebase. I'd welcome any suggestions!

References

Fixes #7746