Problem/Motivation

Right now, when we apply an update, we do not check whether the active composer.lock file has changed since the time the stage was created.

The worst-case scenario would be:

  1. The latest version of Drupal is 10.1.0
  2. The site is on Drupal 10.0.9
  3. Person A starts an update through the UI to 10.0.10
  4. Person B (or Person A on a bad day) runs `composer require drupal/core:10.1.0` in the terminal
  5. Person A applies the update that is staged to 10.0.10

Because `\PhpTuf\ComposerStager\Domain\Stager::stage()` is a file-syncing command, not a direct Composer operation on the active site, it makes the assumption that no other conflicting commands have been run on the project since it was staged.

The other problem is that step 3, instead of being an update to Drupal, could be requiring a contrib module that is compatible with 10.0.9 but not compatible with 10.0.10. This seems less likely but is still possible.

Steps to reproduce

Proposed resolution

Write a validator that subscribes to \Drupal\package_manager\Event\PreApplyEvent and prevents an update from being applied if the lock file is not the same as when PreCreateEvent was fired.

We may want to also subscribe to PreRequireEvent because if we know the composer.lock has changed then we know we won't be able to apply the stage.
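
A minimal sketch of the check proposed above, added here as an illustration and not taken from the Package Manager code base: hash the active composer.lock when the stage is created, then refuse to proceed if the hash differs later. The class `LockFileGuard`, its method names and the `stage.lockhash` file are hypothetical, and the lock file contents are constructed sample data.

```php
<?php
// Added illustration, not Package Manager's code: LockFileGuard, its methods
// and the stage.lockhash file name are hypothetical.
final class LockFileGuard {
  public function __construct(
    private string $activeDir,  // Project root that holds composer.lock.
    private string $hashFile    // Where the recorded hash is persisted.
  ) {}

  // SHA-256 of the active composer.lock, or NULL if missing or unreadable.
  private function currentHash(): ?string {
    $lock = $this->activeDir . '/composer.lock';
    $hash = is_file($lock) ? hash_file('sha256', $lock) : FALSE;
    return $hash === FALSE ? NULL : $hash;
  }

  // Call when the stage is created (the PreCreateEvent point in the issue).
  public function record(): void {
    $hash = $this->currentHash();
    if ($hash === NULL) {
      throw new RuntimeException('No readable composer.lock in the active directory.');
    }
    file_put_contents($this->hashFile, $hash, LOCK_EX);
  }

  // Call before requiring and before applying; an empty array means "proceed".
  public function validate(): array {
    $stored = is_file($this->hashFile) ? trim((string) file_get_contents($this->hashFile)) : '';
    if ($stored === '') {
      return ['No lock file hash was recorded when the stage was created.'];
    }
    $current = $this->currentHash();
    if ($current === NULL) {
      return ['The active composer.lock is missing or unreadable.'];
    }
    return hash_equals($stored, $current) ? [] : ['The active composer.lock changed after the stage was created.'];
  }
}

// Constructed sample data in a temporary directory.
$dir = sys_get_temp_dir() . '/lock_guard_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/composer.lock", '{"packages":[{"name":"drupal/core","version":"10.0.9"}]}');
$guard = new LockFileGuard($dir, "$dir/stage.lockhash");
$guard->record();                                // Person A creates the stage.
echo json_encode($guard->validate()), PHP_EOL;   // Active lock file untouched.
file_put_contents("$dir/composer.lock", '{"packages":[{"name":"drupal/core","version":"10.1.0"}]}');
echo json_encode($guard->validate()), PHP_EOL;   // Person B changed the active site.
```

A missing hash record or a missing lock file is treated as a failure rather than a pass, so the check fails closed.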

Comments

tedbow created an issue. See original summary.

tedbow

Title: Create a validator to ensure that active composer.lock file has not changed since the stage was created » Create a validator to ensure that active composer.lock file has not changed since the stage was created when applying updates

phenaproxima made their first commit to this issue’s fork.

phenaproxima

Status: Active » Needs review
tedbow

Status: Needs review » Needs work
phenaproxima

Status: Needs work » Needs review

tedbow

Status: Needs review » Reviewed & tested by the community

Looks good!

  • phenaproxima committed 0ed8751 on 8.x-2.x authored by tedbow
    Issue #3246420 by phenaproxima, tedbow: Create a validator to ensure...
phenaproxima

Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.