feat: add license check #527

Draft
wants to merge 1 commit into
base: main

@olexii4 olexii4 commented Mar 11, 2025

What does this PR do?

Add license check.

What issues does this PR fix?

fixes eclipse-che/che#23363

How to test this PR?

Does this PR contain changes that override default upstream Code-OSS behavior?

  • the PR contains changes in the code folder (you can skip it if your changes are placed in a che extension )
  • the corresponding items were added to the CHANGELOG.md file
  • rules for automatic git rebase were added to the .rebase folder

Signed-off-by: Oleksii Orel <oorel@redhat.com>

github-actions bot commented Mar 11, 2025

Click here to review and test in web IDE: Contribute

5. `@vscode/test-web@0.0.62`
6. `@vscode/vscode-perf@0.0.19`
7. `innosetup@6.0.5`
8. `postcss-nesting@12.0.2`

Collaborator

Could you clarify what are the next steps for the Unresolved dependencies?

Author

@RomanNikitenko The file code/.deps/problems.md is just for information. It shows the current state. To remove libraries from the unresolved dependencies list, we can harvest them using this link harvest or add libraries as exclusions in the code/.deps/EXCLUDED/prod.md or code/.deps/EXCLUDED/dev.md files.

For example: https://github.com/eclipse-che/che-dashboard/blob/main/.deps/EXCLUDED/dev.md

Collaborator

There are 12 unresolved deps with @vscode prefix - could you clarify why they are unresolved?
Did you try to apply the harvest approach for them?

@vitaliy-guliy
Contributor

Honestly, I do not have the whole picture of what this PR does.

Could we instead of adding all those files, add only one GitHub action, that will be triggered by pushing to the main branch (or pull request)? The action should not block anything and its successful execution may be represented as a badge in the README file.

@olexii4
Author

olexii4 commented Mar 12, 2025

> Honestly, I do not have the whole picture of what this PR does.
>
> Could we instead of adding all those files, add only one GitHub action, that will be triggered by pushing to the main branch (or pull request)? The action should not block anything and its successful execution may be represented as a badge in the README file.

@vitaliy-guliy We have some information here che-incubator/dash-licenses:

...
Update dependency info
The following command generates dependencies info of a project and then checks all found dependencies. It returns a non-zero exit code if any of them are restricted to use.

```
docker run --rm -t \
       -v ${PWD}/:/workspace/project  \
       quay.io/che-incubator/dash-licenses:next
```

As a result, this command creates the next files:

  • prod.md with the list of production dependencies;
  • dev.md which contains only build and test dependencies;
  • problems.md will be created if some dependencies are not covered with CQ, unnecessary excludes present, etc.

Check dependencies
If you just need to verify that all dependencies satisfy IP requirements, use the --check flag, like the following

```
docker run --rm -t \
       -v ${PWD}/:/workspace/project  \
       quay.io/che-incubator/dash-licenses:next --check
```

So, this command doesn't create any new files in the project directory (except a temporary one) but checks if the dependencies info is up-to-date and then validates all found dependencies. It returns a non-zero exit code if any of the dependencies are restricted to use.
...

Files prod.md and dev.md include license information for libraries. For example:

Production dependencies

| Packages | License | Resolved CQs |
| --- | --- | --- |
| `@vscode/sqlite3@5.1.8-vscode` | BSD-3-Clause | clearlydefined |
...

You can click a link with CQ and the next page will be opened

Screenshot 2025-03-12 at 15 20 20
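
To triage the unresolved list that the reviewers ask about, the numbered entries of problems.md can be parsed and grouped by npm scope. This is an added example, not code from this PR or from dash-licenses; it assumes every entry has the numbered, backticked `name@version` form shown in the excerpt earlier in the thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the four entries visible in the problems.md excerpt on this page.
SAMPLE_PROBLEMS_MD = """\
5. `@vscode/test-web@0.0.62`
6. `@vscode/vscode-perf@0.0.19`
7. `innosetup@6.0.5`
8. `postcss-nesting@12.0.2`
"""

# Assumed entry format: a numbered list item holding one backticked identifier.
ENTRY_RE = re.compile(r"^\s*\d+\.\s+`([^`]+)`\s*$")


def split_package(spec):
    """Split 'name@version' at the last '@' so a scoped name keeps its leading '@'."""
    name, sep, version = spec.rpartition("@")
    if not sep or not name:
        raise ValueError(f"no version in {spec!r}")
    return name, version


def parse_unresolved(markdown):
    """Return (name, version) for every numbered entry; other lines are ignored."""
    entries = []
    for line in markdown.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(split_package(match.group(1)))
    return entries


def group_by_scope(entries):
    """Group entries by npm scope (e.g. '@vscode'); unscoped packages go under ''."""
    groups = defaultdict(list)
    for name, version in entries:
        scope = name.split("/", 1)[0] if name.startswith("@") else ""
        groups[scope].append(f"{name}@{version}")
    return dict(groups)


if __name__ == "__main__":
    grouped = group_by_scope(parse_unresolved(SAMPLE_PROBLEMS_MD))
    for scope, pkgs in sorted(grouped.items()):
        print(f"{scope or '(unscoped)'}: {len(pkgs)}")
        for pkg in pkgs:
            print(f"  {pkg}")
```
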

Successfully merging this pull request may close these issues.

[che-code] Add a GitHub job to check licenses for using libraries for PRs