CycloneDX-based licenses fail for some Trivy versions

Why are we doing this work

Problem

There is an existing upstream bug that causes failures in container-scanning-related CycloneDX reports: invalid expressions are written into license.name, which causes ingestion failures.

Expected behavior

  • Custom license URLs should be provided directly by CycloneDX reports
  • No fallback URL generation should be attempted for custom licenses
  • As a side effect, URL links won't be available for custom licenses, which is acceptable

Implementation notes

  • Remove the fallback URL generation in ee/lib/gitlab/license_scanning/package_licenses.rb
  • Update the container scanning parser to properly handle license data
  • Note that custom licenses can be disabled via the security configuration page
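As an illustration of the expected behaviour above, here is a small Ruby ingester (an added example, not GitLab's package_licenses.rb or its container scanning parser) that keeps only the URL a CycloneDX report supplies, never synthesises one, and stores anything that is not a known SPDX id as a custom license name rather than trying to parse it. The sample BOM and the SPDX allow-list are constructed assumptions.

```ruby
require 'json'

# Constructed CycloneDX-style component list. The second entry carries a
# malformed expression in license.name, the case that breaks ingestion when
# the ingester tries to interpret it; the third is a custom license with a
# report-supplied url; the fourth uses the CycloneDX "expression" form.
SAMPLE_BOM = <<~JSON
  {
    "components": [
      {"name": "openssl", "licenses": [{"license": {"id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0"}}]},
      {"name": "libfoo",  "licenses": [{"license": {"name": "GPL-2.0 OR MIT AND"}}]},
      {"name": "libbar",  "licenses": [{"license": {"name": "Acme Proprietary", "url": "https://example.com/acme-license"}}]},
      {"name": "libbaz",  "licenses": [{"expression": "MIT OR Apache-2.0"}]}
    ]
  }
JSON

# Assumed allow-list; a real ingester would consult the full SPDX license list.
KNOWN_SPDX_IDS = %w[Apache-2.0 MIT GPL-2.0-only].freeze

# Normalise one CycloneDX license choice into a flat record.
# - spdx_id is set only for an exact match against the allow-list.
# - url is whatever the report gave us, or nil; no fallback URL is generated.
# - custom is true for everything that is not a known SPDX id, including
#   malformed expression strings, which are stored verbatim instead of parsed.
def normalize_license(choice)
  if choice.key?('expression')
    expr = choice['expression']
    spdx = KNOWN_SPDX_IDS.include?(expr) ? expr : nil
    return { name: expr, spdx_id: spdx, url: nil, custom: spdx.nil? }
  end

  lic  = choice['license'] || {}
  name = lic['name'] || lic['id']
  return nil if name.nil? || name.strip.empty?   # skip empty entries, do not fail

  spdx = KNOWN_SPDX_IDS.include?(lic['id']) ? lic['id'] : nil
  { name: name, spdx_id: spdx, url: lic['url'], custom: spdx.nil? }
end

# Flatten a BOM document into one license record per (package, license).
def licenses_from_bom(json)
  JSON.parse(json).fetch('components', []).flat_map do |component|
    component.fetch('licenses', [])
             .filter_map { |choice| normalize_license(choice) }
             .map { |rec| rec.merge(package: component['name']) }
  end
end
```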

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

Verification steps

Edited by 🤖 GitLab Bot 🤖