Brainstorm limited macros for EL(N) Proper

RHEL will likely not want to support some of our dependencies. We should figure out how to provide a limited solution. Some of this work has already happened (https://gitlab.com/gotmax23/go-vendor-tools/-/issues/35, notably) and there's a series of other mini tasks that still need to be worked on.

• Important Make sure there is an active RHEL maintainer who is also involved on the Fedora side and can commit to keeping go-vendor-tools updated in CentOS Stream. go-vendor-tools could be included in CRB to make this easier. I don't want to put in extra work to enable this upstream if it's going to result in a broken go-vendor-tools package in RHEL that creates problems for EPEL packagers and unactionable bug reports upstream.
• Remove trivy as default (#57 (closed))
• Make zstarfile dependency optional (upstream) by wrapping the import of ZStarfile in a try-except ModuleNotFoundError that falls back to using tarfile.Tarfile instead of zstarfile.ZSTarfile. We can copy the other helper function we use from zstarfile for use with regular tarfile in RHEL.
• Figure out what to do with license_expression (python-license-expression) dependency. We will want this in EPEL. This probably needs to be conditionally imported everywhere it's used. RHEL should have %go_vendor_license_check_disable set globally, so the functions that require license_expression shouldn't actually be needed.
• Create a paired down specfile
• Make sure to set %go_vendor_license_check_disable globally
• help wanted: write a set of minimal TMT integration tests, similar to our integration tests in tests/integration. The main thing to test would be building a package with %go_vendor_license_buildrequires, %go_vendor_license_install, and checking that %go_vendor_license_filelist contains the expected output.
• Figure out how to undo this in EPEL. We want to set %go_vendor_license_check_disable back to 0 and make sure removed dependencies (mainly license_expression) are installed. A minimal go-vendor-tools-epel package that provides the missing +all and +scancode extras subpackages and a go-vendor-tools-epel package with the missing dependencies and %go_vendor_license_check_disable override would work. We can add Requires: go-vendor-tools-epel if go-vendor-tools to epel-rpm-macros to enable this.