Automate creation of the Go third-party licenses CSV
Created by: dadlerj
Background
Some customers need a list of the licenses of our dependencies for compliance and risk analysis reasons. There is currently no standard approach to automatically generate this list from a go.sum.
The ThirdPartyLicensesGo.csv file we already have was generated with https://github.com/mitchellh/golicense, which produces an XLS file; that file was then converted to CSV, and the entries for which the tool couldn't detect the license properly were edited by hand. This process doesn't scale.
While the generation of ThirdPartyLicensesNpm.csv is already automated because it is natively supported, it would perhaps be better to unify the production of these two lists with a more general tool like https://github.com/pivotal/LicenseFinder (which is used by GitLab, for instance). This is however just a suggestion, not a strict requirement.
Definition of success
The list of dependency licenses is generated automatically and periodically. A pull request is opened by a script (GitHub Action?) with the diff, which should be reviewed carefully for non-compliant licenses (perhaps we can define these programmatically too).
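As an added illustration of the "define these programmatically" idea (example code, not part of this issue or of any tool named above), the following script checks a generated license CSV against an allowlist and exits non-zero when anything is unknown or disallowed, so a CI job can fail the pull request until a human looks. The column names, the allowlist and the sample rows are assumptions, not the real ThirdPartyLicensesGo.csv format.

```python
import csv
import io

# Hypothetical policy allowlist; replace with the organisation's own list.
ALLOWED_LICENSES = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "ISC", "MPL-2.0"}


def license_is_allowed(expr: str) -> bool:
    """Evaluate a flat SPDX-style expression ('MIT OR GPL-3.0-only',
    'Apache-2.0 AND BSD-3-Clause') against the allowlist.
    Empty or UNKNOWN entries are treated as non-compliant on purpose: those are
    exactly the rows the old golicense workflow left for manual editing.
    Nested/parenthesised expressions are not handled here."""
    expr = expr.strip()
    if not expr or expr.upper() in {"UNKNOWN", "NONE"}:
        return False
    if " OR " in expr:  # any branch being acceptable satisfies the policy
        return any(license_is_allowed(p) for p in expr.split(" OR "))
    if " AND " in expr:  # every branch must be acceptable
        return all(license_is_allowed(p) for p in expr.split(" AND "))
    return expr in ALLOWED_LICENSES


def find_non_compliant(csv_text: str) -> list:
    """Return [(dependency, license)] for rows whose license is not accepted.
    Assumes a header row with 'Dependency' and 'License' columns (assumption)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(row["Dependency"], row["License"]) for row in reader
            if not license_is_allowed(row["License"])]


# Constructed sample mimicking a license CSV; not the repository's real file.
SAMPLE_CSV = """Dependency,License
github.com/example/mitlib,MIT
github.com/example/dual,MIT OR GPL-3.0-only
github.com/example/agpl,AGPL-3.0-only
github.com/example/mystery,UNKNOWN
github.com/example/combo,Apache-2.0 AND BSD-3-Clause
"""

if __name__ == "__main__":
    bad = find_non_compliant(SAMPLE_CSV)
    for dep, lic in bad:
        print(f"NON-COMPLIANT: {dep} ({lic})")
    # Non-zero exit fails the CI step, blocking the automated PR from silently merging.
    raise SystemExit(1 if bad else 0)
```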