Avoiding GitHub rate limits for npm library

[guybedford]

There are two approaches that can be taken here:

1. Using direct release URLs that don't get ratelimited (and verifying that of course)
2. Using the npm optional dependencies pattern to publish multiple packages with the release binaries and then using the engines package.json field to select on the correct dependency install through npm

We use (2) for Wizer, but both (1) and (2) can work for Weval.

We very much should solve this problem though as npm installs aren't reliable otherwise.

[cfallin]

Happy to review a PR that does option 1 (I'd also be OK with option 2, but option 1 seems simpler to manage)!

[vados-cosmonic]

Will have something up shortly ya'll -- thanks for making this issue :)

[guybedford]

Rather than just asking I put together #14.