Proposal: Security checks related to licenses

[UlisesGascon]

I was checking the list and seems like we don't have any check related to licenses. Ideally we can list the licenses of the projects and their dependencies and alert of "non-compliance" licences from non-OSI approved to "unknown".

WDYT @ruddermann?

[bjohansebas]

I thought this was complicated, but it seems that GitHub provides an API that we can use. I still haven't figured out how it could be done or if it would really work.

https://docs.github.com/en/rest/dependency-graph/dependency-review?apiVersion=2022-11-28