chore: all-in-one third party licenses file

Administrator requested to merge all-licenses into master

Created by: bobheadxi

closes #9973 and possibly more by adopting https://github.com/pivotal/LicenseFinder and replacing the existing npm/go license generation. Personally I think license_finder is a really neat all-in-one tool that provides a somewhat strict but systemic way of handling dependencies and tracking approvals. It also seems better maintained than any of the other go license tools I could find.

  • Generate all licenses and manage approvals using license_finder
  • "Decisions" about whether or not a dependency is approved are tracked in doc/dependency_decisions.yml - this helps log and persist:
    • permitted licenses (automatically approves) (via license_finder permitted_licenses add)
    • forbidden licenses (disallows approval) (via license_finder restricted_licenses add)
    • manual overrides to set unknown licenses, add unlisted dependencies, and more

This change will supersede both ThirdPartyLicensesGo and ThirdPartyLicensesNpm and probably change the way we deal with all this (that said, it seems that we're pretty ad-hoc about it at the moment, so hopefully it's not too drastic a change). See the generated license report here: https://github.com/sourcegraph/sourcegraph/blob/all-licenses/ThirdPartyLicenses.csv

This PR also introduces two GitHub actions:

  • one that runs on PRs, and fails if there is a restricted/license-unknown dependency
  • one that runs on cron, and opens a new PR (or updates an existing one) to update the license list
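As an added illustration (not code from this PR or from license_finder itself), here is a small Ruby model of how the decisions file drives the PR check described above: permitted and restricted licenses, per-package license overrides and manual approvals are folded into lookups, and every dependency still lacking an approval becomes an action item. The YAML layout is assumed to mirror license_finder's decisions file, and all package names and licenses are constructed sample data.

```ruby
require 'set'
require 'yaml'

# Constructed decisions file in the shape license_finder uses ([action, subject, ...]
# entries); an illustrative model, not license_finder's own parser or rules.
DECISIONS_YAML = <<~YAML
  - - :permit
    - MIT
    - :who: bobheadxi
  - - :restrict
    - GPL-3.0
    - :why: copyleft, not acceptable for our distribution
  - - :license
    - left-pad-ish
    - MIT
    - :why: upstream ships no LICENSE file; verified manually
  - - :approve
    - internal-fork
    - :why: vendored fork, reviewed
YAML

# Constructed inventory of detected licenses (nil = the scanner found none).
DEPENDENCIES = { 'react' => 'MIT', 'left-pad-ish' => nil, 'internal-fork' => nil,
                 'readline' => 'GPL-3.0', 'some-cli' => 'Unlicense' }.freeze

# Fold decision entries into lookups: permitted/restricted licenses,
# manually approved packages, and per-package license overrides.
def load_decisions(yaml_text)
  acc = { permit: Set.new, restrict: Set.new, approve: Set.new, license: {} }
  YAML.safe_load(yaml_text, permitted_classes: [Symbol]).each do |action, subject, *rest|
    case action
    when :permit, :restrict, :approve then acc[action] << subject
    when :license then acc[:license][subject] = rest.first
    end
  end
  acc
end

# What the PR check reports: every dependency that is not approved because its
# license is unknown, restricted, or simply not on the permitted list yet.
def action_items(deps, decisions)
  deps.each_with_object({}) do |(name, detected), out|
    next if decisions[:approve].include?(name)
    license = decisions[:license].fetch(name, detected)
    if license.nil?                              then out[name] = 'unknown license'
    elsif decisions[:restrict].include?(license) then out[name] = "restricted: #{license}"
    elsif !decisions[:permit].include?(license)  then out[name] = "not permitted: #{license}"
    end
  end
end
```

A CI gate built on this would fail the PR whenever `action_items` returns anything, which is the behaviour the PR-triggered action is meant to have.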

Caveats:

  • license_finder is so slow. So very, very slow 💤
  • Doing stuff generally requires using the license_finder CLI - the configuration does not look very human-friendly

TODO:

  • does this serve our needs?
  • add more permitted/forbidden licenses
  • add periodic report generate + PR to Actions
  • replace docker-based license_checker (which bundles its own Go, npm, etc.) with the gem install (probably needs buildkite update?) => github actions
  • handbook addition => https://github.com/sourcegraph/about/pull/1067
