Revisit NOTICE for extension repositories

[CsCherrYY]

reference: https://docs.opensource.microsoft.com/using/required-notice-template/

Since #768, our extensions have their own NOTICE file in the corresponding repo, currently most of your NOTICE files are in NOTICE in a Microsoft Open Source Project format, and we need another NOTICE file in our published bits, see NOTICE in a Microsoft Product or Service.

Recommendation: the NOTICE file in the published bits can be generated via the Azure DevOps Build task. Basically, this part includes the way to generate that NOTICE file.

If the dependencies listed in the Component Governance UI are not complete for your repo, you may need to manually add them in the cgmanifest.json, and reply any vulnerabilities.

After all, you can just put that NOTICE file in the same folder as package.json of your published VSIX file. Here are some examples in Gradle repo:

• cgmanifest.json
• Steps in Azure pipeline

Repos:

• pack @Eskibear
• test runner @jdneo
• project manager @jdneo
• debugger (2 repos) @testforstephen
• maven @Eskibear
• spring-initializr @Eskibear
• spring-boot-dashboard @Eskibear
• gradle @CsCherrYY
• lsif-java @CsCherrYY