
Add linting check for sensitive updates to existing packages #309

Open
Tracked by #26106
shonfeder opened this issue May 15, 2024 · 0 comments
Comments

@shonfeder (Contributor)
When an update for an existing package is submitted, it is possible that the new opam file can update sensitive fields, such as the license, maintainer, author, or even location from which the source is obtained. These kinds of changes require special scrutiny.

@raphael-proust and @kit-ty-kate noted today that the current review process requires manually diffing the new opam file against the previous one to identify these kinds of updates. To help streamline the review process, reduce manual work, and improve safety, we should:

  • Add a linting pass that detects changes to sensitive fields.
  • When a notable change is detected, add a comment to the PR reporting which fields have been updated (we can include a note about why the field is sensitive).

We don't want CI to fail in case these fields are updated, but instead want some sort of informative warning. Adding a comment seems like the only way to achieve this within the confines of GitHub's PR interface.

We may want to consider just always adding the diff of fields changes as a comment, because it seems to me that nearly all fields from the https://opam.ocaml.org/doc/Manual.html#Package-definitions could be used for malicious purposes by a bad actor. More input on the particulars from seasoned opam repo maintainers would be helpful.

@shonfeder changed the title from "Add linting check for suspicious or sensitive updates to existing packages" to "Add linting check for sensitive updates to existing packages" on May 15, 2024.
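One way to implement the check described in this issue, added here as an example and not code from opam-repository or opam-repo-ci: a Python script that reads the previously published opam file and the one proposed in the PR, reports every field whose value differs, annotates the ones in an assumed sensitivity list (the fields the issue names plus `url.src`, `url.checksum` and `build`), and renders the Markdown body of the PR comment. The opam scanner it uses is an assumption, covering only top-level `field: value` entries, `name { ... }` sections such as `url`, quoted strings, bracketed lists and `#` comments, not the full opam grammar. It goes a little beyond the issue text in normalising whitespace and list layout so that purely cosmetic reformatting of a list is not reported, and in adding a caveat when `url.checksum` changes while `url.src` does not. Both sample files are constructed for a fictional package. Posting the comment body (for example with `gh pr comment --body-file`) is left to the CI job.

```python
# Added example for the check this issue proposes; not opam-repository/opam-repo-ci code.
# Assumption: the scanner below covers only the subset of opam syntax the diff needs.
import re
# Fields whose change gets a note in the PR comment (assumed list, not the project's).
SENSITIVE = {
    "license": "changes the terms the package is distributed under",
    "maintainer": "changes who is trusted to publish future updates",
    "authors": "changes attribution for the code",
    "url.src": "changes where the source archive is fetched from",
    "url.checksum": "changes the integrity check on the fetched source",
    "build": "changes commands executed on the user's machine",
}
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")
_STRING = re.compile(r'"(?:[^"\\]|\\.)*"')
_WORD = re.compile(r"\S+")

def _skip(text, i):
    """Advance past whitespace and `#` comments (a comment runs to end of line)."""
    while i < len(text) and (text[i].isspace() or text[i] == "#"):
        i = (text.find("\n", i) + 1 or len(text)) if text[i] == "#" else i + 1
    return i

def _value(text, i):
    """(value, next index): a quoted string, a bare word, or a [...]/{...} block
    with nesting respected, comments dropped and brackets space-padded."""
    if text[i] not in "[{":
        m = (_STRING if text[i] == '"' else _WORD).match(text, i)
        return m.group(), m.end()
    out, depth, j = [], 0, i
    while j < len(text):
        c = text[j]
        if c == "#":
            out.append(" ")
            j = _skip(text, j)
        elif c == '"':
            s, j = _value(text, j)
            out.append(s)
        else:
            out.append(f" {c} " if c in "[]{}" else c)
            depth += (c in "[{") - (c in "]}")
            j += 1
            if depth == 0:
                return "".join(out), j
    raise ValueError("unterminated block")

def parse_opam(text, prefix=""):
    """{field: whitespace-normalised value}; section fields become `section.field`."""
    fields, i = {}, _skip(text, 0)
    while i < len(text):
        m = _IDENT.match(text, i)
        name, i = (m.group(), _skip(text, m.end())) if m else ("", i)
        if not name or text[i:i + 1] not in (":", "{"):
            raise ValueError(f"cannot parse a field at {text[i:i + 20]!r}")
        if text[i] == "{":  # section such as `url { ... }`
            block, i = _value(text, i)
            fields.update(parse_opam(block.strip()[1:-1], prefix + name + "."))
        else:  # `name: value`
            value, i = _value(text, _skip(text, i + 1))
            fields[prefix + name] = " ".join(value.split())
        i = _skip(text, i)
    return fields

def changed_fields(old_text, new_text):
    """[(field, old, new, note)] for every differing field; note is None unless sensitive."""
    old, new = parse_opam(old_text), parse_opam(new_text)
    return [(f, old.get(f), new.get(f), SENSITIVE.get(f))
            for f in sorted(set(old) | set(new)) if old.get(f) != new.get(f)]

def format_comment(rows):
    """Markdown body of the PR comment, or None when nothing changed."""
    if not rows:
        return None
    lines = ["Fields that differ from the previously published opam file:", ""]
    for field, old, new, note in rows:
        lines.append(f"- `{field}`: `{old or '(absent)'}` -> `{new or '(absent)'}`"
                     + (f"  (sensitive: {note})" if note else ""))
    changed = {r[0] for r in rows}
    if "url.checksum" in changed and "url.src" not in changed:
        lines += ["", "`url.checksum` changed but `url.src` did not: the archive at the same URL was replaced."]
    return "\n".join(lines)

# Constructed sample: the published file and the one proposed in an update PR.
OLD_OPAM = '''maintainer: "Alice Example <alice@example.com>"
license: "MIT"
synopsis: "A widget"
depends: ["ocaml" {>= "4.08"} "dune" {>= "3.0"}]
url {
  src: "https://github.com/example/widget/releases/download/1.0.0/widget-1.0.0.tbz"
  checksum: ["sha256=0000000000000000000000000000000000000000000000000000000000000000"]
}'''
NEW_OPAM = '''maintainer: "Mallory <mallory@example.net>"  # new contact
license: "GPL-3.0-only"
synopsis: "A widget, now with more features"
depends: [ "ocaml" {>= "4.08"}  "dune" {>= "3.0"} ]  # only reformatted
url {
  src: "https://downloads.example.net/widget-1.0.0.tbz"
  checksum: ["sha256=1111111111111111111111111111111111111111111111111111111111111111"]
}'''
```

Running `format_comment(changed_fields(OLD_OPAM, NEW_OPAM))` on the samples reports `license`, `maintainer`, `synopsis`, `url.checksum` and `url.src`; the reformatted `depends` list is not reported because both versions normalise to the same value, and `synopsis` appears without a sensitivity note. Every differing field is listed, in line with the suggestion above of always posting the field diff, so reviewers still see changes outside the sensitive list.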