feature: raise issue when package is labeled as X license, but source header shows Y

[spiffcs]

Grant has the ability to show the license declared for a package as surfaced by syft.

Syft should also be able to communicate to consumers if a declared license is different from one found in the header of the source files. This would allow grant to flag packages with conflicting statements for the user in their evaluation policy.