Yarn 1.x: Ensure there are no collisions in the offline mirror

[taylormadore]

When Yarn 1.x fetches a tarball into the offline mirror, the name of the tarball is used as the name of the tarball in the mirror. This potentially opens up the possibility of collisions in the offline mirror, where two different tarballs have the same name and Yarn gets confused about which is being installed.

See: https://github.com/yarnpkg/yarn/blob/7cafa512a777048ce0b666080a24e80aae3d66a9/src/fetchers/tarball-fetcher.js#L65

Practically, it is likely that if integrity keys are being used that Yarn will detect the mismatch and fail, so it is possible this could be remediated by documenting the issue.

Acceptance Criteria

• Offline mirror collisions are detected and an exception is raised
• OR this issue is satisfied via documentation
• Add an integration test for collisions