Install materials to comply with upstream licenses

[brson]

Cargo packages and distributes as binaries many upstream components. To comply with those licenses we need to do some things. I suggest:

• In README.md put the text "This product includes software developed
  by the OpenSSL Project for use in the OpenSSL Toolkit
  (http://www.openssl.org/)", to comply with clause 6 of the OpenSSL
  license. It doesn't actually matter to say this for the source
  distribution, but it does in the binary distribution.
• Write (or generate) a LICENSE-THIRD-PARTY (to be distinct from the
  main Cargo license file) file that simply concatenates all the
  unique licenses of the dependencies. It's most crucial that this
  contains the GPL2 with runtime exception from libgit2. This does not
  need to be distributed with the source, but does with the binaries.
• Install the README and all license files to ${prefix}/share/doc/cargo.

cc rust-lang/rust#17690

[brson]

Here's the current list of upstream components:

Third-party software that cargo links to:

• OpenSSL, BSD-like with advertising clause,http://www.openssl.org/source/license.html
• libgit2, GPL2 with linking exception,https://github.com/libgit2/libgit2/blob/master/COPYING
• libssh2, 3-clause BSD,http://www.libssh2.org/license.html
• libcurl, MIT-like,http://curl.haxx.se/docs/copyright.html
  • libcurl has complex licensing scenarios depending on how it's built:
    http://curl.haxx.se/legal/licmix.html
  • on linux/win we are building and distributing it ourselves, with most
    features disabled, only linking to OpenSSL; on mac we are using the
    system libcurl dynamically.

Rust ecosystem software Cargo links to that is not part of the Rust project

The ones with undeclared licenses are all controlled by people we know, and will be whatever we ask them to be (likely MIT/ASL2).

• flate2-rs, MIT/ASL2,https://github.com/alexcrichton/flate2-rs
• link-config, license undeclared,https://github.com/alexcrichton/link-config
• openssl-static-sys, license undeclared,https://github.com/alexcrichton/openssl-static-sys
• docopt.rs, public domain,https://github.com/docopt/docopt.rs
• tar-rs, MIT/ASL2,https://github.com/alexcrichton/link-config#1d3cd271
• rust-encoding, MIT ,https://github.com/lifthrasiir/rust-encoding
• curl-sys, license undeclared,https://github.com/alexcrichton/curl-rust
• toml-rs, MIT/ASL2,https://github.com/alexcrichton/toml-rs
• libssh2-static-sys, license undeclared,https://github.com/alexcrichton/libssh2-static-sys
• git2-rs, license undeclared,https://github.com/alexcrichton/git2-rs
• curl-rust, license undeclared,https://github.com/alexcrichton/curl-rust

First-party software that cargo links to

• glob, MIT/ASL2,https://github.com/rust-lang/glob
• semver, MIT/ASL2,https://github.com/rust-lang/semver
• rust-url, MIT/ASL2,https://github.com/servo/rust-url

[alexcrichton]

All of my own dependencies are now MIT/ASL2, and upstream curl-rust (which our branch is based on) is MIT, and curl-sys falls under that umbrella. This means that rust software is at least MIT, except docopt, which is public domain.