[npm-check-fork] Perf optimization for fetchPackageMetadataAsync

[TheLarkInn]

fetchPackageMetadataAsync buffers the entire response in memory and then uses synchronous decompression (gunzipSync/inflateSync) and JSON.parse. For large package metadata responses this can block the event loop and create memory spikes. Consider streaming the response through zlib.createGunzip()/createInflate() (async) and enforcing a max response size (abort the request if exceeded).

Originally posted by @Copilot in #5565

Will be relevant once #5565 lands