Ensure that builds within the cache aren't considered Git repositories (#1782)

## Summary

Some packages encode logic to embed the current commit SHA in the
version tag, when built within a Git repo. This typically results in an
invalid (non-compliant) version. Here's an example from `pylzma`:
ccb0e7cff3/version.py (L45).

This PR adds a phony, empty `.git` to the cache root, to ensure that any
`git` commands fail.

Closes https://github.com/astral-sh/uv/issues/1768.

## Test Plan

- Create a tag on the current commit, like `v0.5.0`.
- Build `pylzma`, using a cache _within_ the repo:

```
rm -rf foo
cargo run venv
cargo run pip install "pylzma @ 10ef072c3c/pylzma-0.5.0.tar.gz" --verbose  --cache-dir bar
```

crates/uv-cache/src/lib.rs

@@ -235,12 +235,25 @@ impl Cache {
         cachedir::ensure_tag(&root)?;
 
         // Add the .gitignore.
-        let gitignore_path = root.join(".gitignore");
-        if !gitignore_path.exists() {
-            let mut file = fs::File::create(gitignore_path)?;
-            file.write_all(b"*")?;
+        match fs::OpenOptions::new()
+            .write(true)
+            .create_new(true)
+            .open(root.join(".gitignore"))
+        {
+            Ok(mut file) => file.write_all(b"*")?,
+            Err(err) if err.kind() == io::ErrorKind::AlreadyExists => (),
+            Err(err) => return Err(err),
         }
 
+        // Add a phony .git, if it doesn't exist, to ensure that the cache isn't considered to be
+        // part of a Git repository. (Some packages will include Git metadata (like a hash) in the
+        // built version if they're in a Git repository, but the cache should be viewed as an
+        // isolated store.)
+        fs::OpenOptions::new()
+            .create(true)
+            .write(true)
+            .open(root.join(".git"))?;
+
         fs::canonicalize(root)
     }