Fixes the metadata file name to avoid ambiguities

[MLoughry]

Fixes #6761

What's the problem this PR addresses?

By using - to separate the scope and name in slugifyident, the code could result in a name collision between packages (eg., @x-y/z and @x/y-z).

...

How did you fix it?

This change uses ~ instead, which is valid in file names but not package names.

...

Checklist

• I have read the Contributing Guide.

• I have set the packages that need to be released for my changes to be effective.

• I will check that all automated PR checks pass before the PR gets reviewed.

[arcanis]

Hm, it seems too wide a change to land in anything but a major; we use the slugify call in quite a few places.

Could we instead append the scope length to the metadata cache file name? The cache shouldn't be impacted since it's content-addressed.

[MLoughry]

Might it make more sense to have a different function than slugifyIdent for the file name? Appending the scope length seems more hack-ish

[arcanis]

Might it make more sense to have a different function than slugifyIdent for the file name?

I moved the function into npmHttpUtils to avoid expanding the public interface.

Appending the scope length seems more hack-ish

Yes and no - I still prefer that to a tilde, I'm worried that some filesystems or tools wouldn't play well with that character.