
Adds dependency review action to verify allowed licensed dependencies

Open ericwb opened this issue 1 year ago • 0 comments

This change will add a new action to scan the dependencies' licenses for any that may not be allowed for this project.

The pip-licenses command was run to get a dump of all the licenses associated with this repo, which were put into the allow-licenses list. Normally, you might only want to use a deny-licenses list, but for packages like Redis, there is no defined SPDX identifier for it.

Note: this list will require future maintenance as dependencies get added that are not already in the allow list.

https://spdx.org/licenses/ https://github.com/raimon49/pip-licenses

Related to issue #2901

All Submissions:

  • [x] Have you followed the guidelines stated in CONTRIBUTING.md file?
  • [x] Have you checked to ensure there aren't any other open Pull Requests for the desired change?

Type of change

Please delete options that are not relevant.

  • [x] Bug fix (non-breaking change which fixes an issue)

New Feature Submission:

  • [ ] Does your submission pass the tests?
  • [x] Have you linted your code locally prior to submission?

Changes To Core Features:

  • [x] Have you added an explanation of what your changes do and why you'd like us to include them?

After these steps, you're ready to open a pull request.

a. Give a descriptive title to your PR.

b. Describe your changes.

c. Put `closes #XXXX` in your comment to auto-close the issue that your PR fixes (if such).

ericwb avatar May 14 '24 18:05 ericwb
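The PR describes wiring `actions/dependency-review-action` with an allow-list of SPDX identifiers built from `pip-licenses` output, and notes that a package like Redis has no SPDX identifier to match. The workflow below is an added example illustrating that setup; it is not the PR's actual workflow file, the license list and the `pkg:pypi/redis` package URL are constructed samples, and the action inputs used (`fail-on-severity`, `allow-licenses`, `allow-dependencies-licenses`) are those documented for v4 of the action.

```yaml
# Added example (not from the PR): dependency review on every pull request,
# failing closed on licenses outside an explicit SPDX allow-list.
name: Dependency review

on:
  pull_request:

# Least privilege: the action only needs to read the dependency graph diff.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Compares dependencies added or changed in this PR against the base branch.
      - uses: actions/dependency-review-action@v4
        with:
          # Also fail when a newly introduced dependency has a known advisory
          # at or above this severity (valid values: low, moderate, high, critical).
          fail-on-severity: moderate

          # Comma-separated SPDX identifiers (https://spdx.org/licenses/).
          # Constructed sample list; for the real project, generate it from
          # `pip-licenses` output as the PR describes. Anything not listed fails.
          allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, MIT, PSF-2.0

          # A dependency whose license has no SPDX identifier (the Redis case)
          # can never match allow-licenses, so exempt it individually by
          # package URL instead of loosening the list. Constructed sample purl.
          allow-dependencies-licenses: pkg:pypi/redis
```

Two caveats worth keeping in mind with this setup: the action only evaluates dependencies that change in the pull request, so the existing dependency set is not re-audited retroactively, and the repository's dependency graph must be enabled for the action to see anything at all. The maintenance burden the PR mentions is the flip side of failing closed: a new dependency under a license not yet on the list blocks the PR until a maintainer deliberately adds that identifier, which is the review point the allow-list is meant to create.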