licenses: Introduce manifest for licenses directory

[jlinder]

Originally posted by @bdarnell at DEVINF-182. Moving here.

The licenses directory currently contains a set of license files that apply to various parts of the CRDB codebase and our dependencies, but there's no clear indication of what license applies to what. We should document this in some way (I'm agnostic as to how exactly this would look but I'd probably start with the license reports generated by snyk and merge in the other parts that snyk doesn't know about).

The licenses directory should cover everything that gets included in the source tarball releases, including

• The main body of cockroach code
• Any third-party code copied into the main repo and modified
• External go dependencies in the vendor directory
• External javascript dependencies
• C/C++ dependencies in the c-deps directory
• Embedded fonts and other UI assets

Historically the licenses directory was primarily used for the first two points but #69904 added more licenses for things from the vendor directory. We should make sure we're covering all of these areas and keeping things up to date.

The license directory should generally contain the license text in files named after their SPDX identifier. For licenses such as the BSD family, which have the copyright holder's name substituted into the license itself, we may need to duplicate the license into separate files such as BSD-grpc.txt (which should be renamed to BSD-3-Clause-grpc.txt). We've incorrectly applied this pattern in a few cases where it's not necessary (MIT and OFL); these files can be merged back together. For historical reasons we use BSL.txt for the Business Source License, but its SPDX identifier is BUSL and BSL refers to the Boost Software License which we also use. To avoid having to change all our references to BSL.txt we should rename the boost BSL to Boost-BSL.txt

Epic RE-227
Jira issue: CRDB-9959