Detect Bun runtime when no bun.lock file is present

Stack detection currently relies on the presence of a bun.lock file to identify Bun projects. Apps with no dependencies never produce a lockfile, so Bun isn't detected and the deploy fails or falls back incorrectly.

We should also detect Bun from package.json alone (e.g. a bun key in scripts, or a bunfig.toml present), similar to how we grab package.json for other Node-family runtimes.