composer.json and composer.lock out of sync after installing recipe

[maxime-rainville]

If you install a recipe, your composer set up will be invalid.

Step to reproduce

1. Create a new directory.
2. Save the sample composer.json in your new directory.
3. Require recipe-cms: composer require silverstripe/recipe-cms
4. The command will complete successfully.
5. Run a composer validate.
6. The command will complain that The lock file is not up to date with the latest changes in composer.json, it is recommended that you run composer update.

Expected results: A successful composer require on a valid composer.json should leave you in a valid state.

Sample composer.json file

{
    "name": "maxime/composer-test",
    "description": "foobar",
    "type": "project",
    "license": "mit",
    "authors": [
        {
            "name": "Maxime Rainville",
            "email": "maxime@example.com"
        }
    ],
    "minimum-stability": "dev",
    "require": {}
}

Underlying cause of problem

composer.lock contains an hash calculated from a few values contained composer.json. The problem is that installing recipes will add new properties to the extra object in composer.json after the composer.lock hash has been generated.

There's an easy workaround ... which is to just run a composer update ... but it's kind of an annoyance for the silverstripe upgrader.