Preemptive license check

[quic-kdybcio]

Some languages with package managers have infrastructure to verify the compatibility of licenses across external packages that are pulled in.
E.g. Rust has at least:

• cargo lichking (dead project? seems to still work)
• cargo deny (needs a specific config file but can do vastly more, incl. general license/package checks

Implementing that in repo lint and in a pre-commit hook (which importantly happens locally and not after pushing, like CI) will save us from crippling embarrassment (which could potentially include bad things with patent-grant licenses or cross-license incompatibility) as the last line of defense before pushing out to the public world.