Vendored go dependencies report a lot of licenses as "unknown"
We should improve the experience of the license scanning. It also is a bit unclear to why this happens, as the vendored dependencies actually contain license information:
- e.g. github.com/prometheus/client_model/go is reported as unknown, while we have: https://gitlab.com/gitlab-org/gitaly/blob/acdb4147d57ac1517363f8b1455ee06cce2dfc8f/vendor/github.com/prometheus/client_model/LICENSE