Enable configuration to specifically allow crates for which all licenses are allowed

[djc]

Is your feature request related to a problem? Please describe.
I'm using cargo deny in a multi-crate workspace that is proprietary/private. In this case, the tool complains about empty license values for crates within the workspace, even though it seems I should be allowed to have this (that is, in my perception cargo deny should be about checking my dependencies more than about checking my own crates -- or it should allow me to have separate policies for these two categories).

Describe the solution you'd like
I think not warning about licenses for crates in the current workspace would be a decent default.

Describe alternatives you've considered
A more powerful alternative would be to have a whitelist for crates (I think there's a whitelist for licenses, but not for crates). For example, I also have the ring crate in my dependency graph, which does not have a license specified because a number of licenses are involved. It would be good if there was also a way to silence this output after I've audited the licenses involved. (Bonus points, of course, if I could silence this output only as long as the licenses don't change, probably involving some hash thing that I could put in the configuration.)

[Jake-Shadle]

This should be solved by #103, I just haven't published a new version yet with that change.

For the ring case, this is the intent of the [[licenses.clarify]] array, eg here is our config for one of our projects.

[[licenses.clarify]]
name = "ring"
# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
# https://spdx.org/licenses/OpenSSL.html
# ISC - Both BoringSSL and ring use this for their new files
# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
# license, for third_party/fiat, which, unlike other third_party directories, is
# compiled into non-test libraries, is included below."
# OpenSSL - Obviously
expression = "ISC AND MIT AND OpenSSL"
license-files = [
    { path = "LICENSE", hash = 0xbd0eed23 },
]

This configuration is kind of tedious because it's per project at the moment. Ideally it would be resolved in the upstream crate, but briansmith/ring#902 never got any attention. Another idea that I've had is basically having "overlay" databases in git that you can add to your config(s) that are queried if a crate eg doesn't have a readable license so that this kind of configuration doesn't have to repeated.

[djc]

Ah yes, I just figured this out from the book. BTW, hiding a link to the book in a badge makes it really easy to overlook, I usually only closely look at the badges if I'm looking for something that's usually kept there (like links to API docs, CI, coverage perhaps).

[djc]

Anyway, ignore-private will do nicely once a new version gets published!