Update all the things #168

Merged
merged 24 commits into from
Oct 26, 2021
@Jake-Shadle Jake-Shadle commented Oct 25, 2021

This started out as a somewhat minor change to add support for clearlydefined.io, but spiraled a bit.

  • Adds (optional) support for clearlydefined.io. License information can now be retrieved from clearlydefined, including curations done by other users or tools to get a mix of both automated and human clarification of license files. This information is considered higher quality than the data that can be gathered by cargo-about by scanning the locally downloaded source code, so if the crate in question has been harvested there, the crate source is not scanned locally at all (other than for the license files identified to ensure their hashes match).
  • Adds the concept of clarifications (similar to from cargo-deny) to essentially override all other sources of license information with the user supplied definitions, as long as the 1 or more sources of truth all match. These come in two flavors, files which will just read the 1 or more files specified and checksum them to ensure they match, or git, which will pull the file(s) in question from the source repo at the same commit that was used when packaging the published crate. This is particularly useful for the many crates that have a single license defined in the root of a repo, but 1 or more subcrates in a workspace that don't actually have that license packaged in the final .crate file (cargo will not package files above the crate root by default). The git version only supports repos hosted on either github.com, gitlab.com, or bitbucket.org but this will be improved in the future.
  • Adds a clarify subcommand that can be used to help generate the information needed for a clarification, both from a path on a disk, a specific crate and version that is already on disk, or a crate's source repository.
  • Adds the concept of workarounds which are optional clarifications for some popular and/or "big" crates that I encountered when doing this change, that can be toggled on via a single <name> in the about.toml, rather than needing to retype the same thing in any project that uses one of these crates that use cargo-about
    • bitvec - Fairly common crate, doesn't include the license text in the packaged crate
    • chrono - Very common crate, doesn't include the license text in the packaged crate
    • clap - Very common crate, doesn't include the license text in the packaged crate
    • cocoa - GUI Mac apps tend to use this, a multi-crate repo that doesn't package the license in all of the crates
    • gtk - GUI Linux apps tend to use this, a multi-crate repo that doesn't package the license in all of the crates, currently
    • ring - Often pulled in via rustls, this crate has incredibly complicated and non-machine readable licensing
    • rustls - Uses the same incredibly complicated single license file as ring
    • sentry - All the official sentry packages are published from the same repo, but without their license texts
    • tonic - All packages are published from the same repo, but without their license texts
    • tract - All packages are published from the same repo, but without their license texts, this has been fixed in latest version
    • wasmtime - This includes all of the wasmtime and cranelift adjacent crates that will be pulled in by most projects that use wasmtime. The license used is the same for all of them, namely Apache-2.0 WITH LLVM-exception, however neither clearlydefined nor askalono parse the license text correctly and thus just find Apache-2.0 and not the exception, so we correct it

Resolves: #61

@Jake-Shadle Jake-Shadle requested a review from repi October 25, 2021 14:25
@Jake-Shadle Jake-Shadle merged commit d30e834 into main Oct 26, 2021
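
The checksum-pinned override described in the pull request description above, as an added example that is not cargo-about's code and not part of the original PR: a clarification only replaces the detected license while every pinned file still hashes to the reviewed value. SHA-256, the `Clarification` and `resolve_license` names, the fallback to the detected license on a mismatch, and the sample file contents are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Clarification:
    """User-supplied override: an SPDX expression pinned to file checksums."""
    license: str
    files: dict = field(default_factory=dict)  # relative path -> SHA-256 hex


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def resolve_license(detected: str, clar: Clarification, crate_files: dict):
    """Return (license, problems); the override wins only if every pin matches."""
    problems = []
    if not clar.files:
        # An override with nothing pinned would apply to any future content.
        problems.append("clarification pins no files")
    for path, expected in sorted(clar.files.items()):
        content = crate_files.get(path)
        if content is None:
            problems.append(f"{path}: not found in crate")
        elif sha256_hex(content) != expected.lower():
            problems.append(f"{path}: checksum mismatch")
    if problems:
        return detected, problems  # assumed behaviour: keep the scanned result
    return clar.license, []


# Constructed sample data: stand-in file contents, not real license texts.
LICENSE_V1 = b"Apache License 2.0 text\n--- LLVM Exceptions to the Apache 2.0 License ---\n"
LICENSE_V2 = LICENSE_V1 + b"Additional terms added in a later release\n"

CLARIFICATION = Clarification(
    license="Apache-2.0 WITH LLVM-exception",
    files={"LICENSE": sha256_hex(LICENSE_V1)},
)


def demo():
    detected = "Apache-2.0"  # scanner result, as in the wasmtime case above
    reviewed = resolve_license(detected, CLARIFICATION, {"LICENSE": LICENSE_V1})
    changed = resolve_license(detected, CLARIFICATION, {"LICENSE": LICENSE_V2})
    missing = resolve_license(detected, CLARIFICATION, {})
    return reviewed, changed, missing
```

Pinning the digest means a dependency update that alters the license file invalidates the human-reviewed override instead of silently carrying it forward.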