
Adds dependency review action to verify allowed licensed dependencies (#3306)

This change will add a new action to scan the dependency's licenses
for any that may not be allowed for this project.

The pip-licenses command was run to get a dump of all the licenses
associated with this repo and put into the allow-licenses list.
Normally, you might only want to use deny-licenses list, but for
packages like Redis, there is no defined SPDX identifier for it.

Note: this list will require future maintenance as dependencies get
added that are not already in the allow list.

https://spdx.org/licenses/
https://github.com/raimon49/pip-licenses

Related to issue #2901

Signed-off-by: Eric Brown <eric_wade_brown@yahoo.com>
Eric Brown 1 year ago
Parent
Current commit
30c8a07ba8
1 file changed, 16 insertions, 0 deletions
  1. .github/workflows/dependency-review.yml (+16 −0)

+ 16 - 0
.github/workflows/dependency-review.yml

@@ -0,0 +1,16 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4
+        with:
+          allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, HPND, ISC, MIT, MPL-2.0, PSF-2.0, Unlicense
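Review bot: the `allow-licenses` line has no provision for the case the commit message itself raises (a dependency such as Redis with no SPDX identifier), so any dependency whose license cannot be resolved to one of the nine listed identifiers will fail the check with no way to exempt it; consider adding a comment in the workflow explaining that expectation, and recording how maintainers should extend the list when a new dependency is added. Separately, both `actions/checkout@v4` and `actions/dependency-review-action@v4` are pinned only to a mutable major tag; pinning each to a full commit SHA (with the tag in a trailing comment) would give the supply-chain guarantee this workflow is meant to strengthen. The `permissions: contents: read` block is a good least-privilege choice and should be kept as is.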