
feat(ci): add Dependency and License checks to build workflow

Open jenstroeger opened this issue 2 years ago • 4 comments

I stumbled upon the dependency-review-action which looked useful. Not sure if build.yaml is a good place, or better pr-change-set.yaml. What do you think, @behnazh?

jenstroeger, Nov 11 '22 12:11

Closing for further discussion in issue https://github.com/jenstroeger/python-package-template/issues/5.

jenstroeger, Nov 21 '22 09:11

Hm, why was it closed? I'd prefer to run the dependency-review-action on PR whenever the pyproject.toml changes.

thbeu, Nov 23 '22 07:11

Oh… 😳

I closed it so we can discuss first where this action should run, and I thought that issue #5 is a good place for that discussion. Reopening this PR, feel free to chime in!

jenstroeger, Nov 23 '22 07:11

> I stumbled upon the dependency-review-action which looked useful. Not sure if build.yaml is a good place, or better pr-change-set.yaml. What do you think, @behnazh?

Currently the dependencies might change at the last stage when pushing to main and bumping the version. So technically pr-change-set.yaml is not enough unless we want to check licenses only when dependencies are added/removed through PRs and not worry about updates through bump commit to main because the license won't change.

behnazh, Jan 19 '23 20:01