Add SPDX licenses to license compliance

Problem to solve

The selection of license names available in license compliance is limited. The user may have a license that needs to be added, which is not on the licenses available in the dropdown.

Context: this issue is based on discovery work done in https://gitlab.com/gitlab-org/gitlab-ee/issues/12941 and license name technical review by @xlgmokha.

Intended users

• Compliance Role wants to see that they are following policies that have been set, edit policies as needed, and set policies for unclassified licenses.
• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Sam (Security Analyst)\
• Legal and/or person responsible for orgs compliance

Further details

Ideally, this is completed at the same time as: #34698 (closed) (which adds the ability to select/edit license to the new LC section)

Proposal

Add the SDPX licenses as license selections the user may add to their project policies.

Permissions and Security

Same permissions rules apply, as with this issue #34698 (closed)

Documentation

• license name technical review
• Need to add license library source to the documentation

Testing

Unit tests should be updated by the developer to cover SPDX licenses. SET should update the license compliance end to end test to ensure SPDX licenses are recognised.

What does success look like, and how can we measure that?

• The additional listings are used by customers

What is the type of buyer?

GitLab Ultimate

Links / references

Implementation Plan

UX

Backend - person

• load gon variable with a list of software licenses

Frontend - person

• Switch hard coded list to value from Ruby

Documentation - person

• User Documentation

Product Management - @NicoleSchwartz

• Release Post