[license] Add license scanning of third_party dependencies #187

Open
rtorok-zr wants to merge 3 commits into master from scancode-third-party


rtorok-zr commented Jan 22, 2026

This PR introduces scanning for incompatible FOSS licenses (e.g. GNU GPL) on the http_archive dependencies in third_party/, using scancode-toolkit.

The scancode_test macro introduced in this PR allows ignoring some files if necessary. Many are benign for reasons such as:

  1. The scanner detected license text in a file that is not actually licensed as such. Most of these either reference an unused transitive dependency using a different license, or mention that an older version of the software used a different license.
  2. ScanCode fails to parse some types of files, most notably PDFs.

Further, some tools with share-alike licenses are only used at build-time and never linked directly into a deliverable. GPL-licensed dev-only tools use a different policy file that permits these licenses (dev_policy.yaml). Tools affected by this include:
- openocd, an embedded debugging tool.
- doxygen, a tool used alongside mdbook to build the documentation.
- shellcheck, a linter for shell scripts.

rtorok-zr requested review from fragglet and qmn January 22, 2026 02:23
rtorok-zr force-pushed the scancode-third-party branch 5 times, most recently from 9a1b277 to 4ead3ba January 22, 2026 17:19
Signed-off-by: Ryan Torok <rtorok@zerorisc.com>
Signed-off-by: Ryan Torok <rtorok@zerorisc.com>
rtorok-zr force-pushed the scancode-third-party branch from 4ead3ba to 74d0c30 January 23, 2026 19:11
Signed-off-by: Ryan Torok <rtorok@zerorisc.com>
rtorok-zr force-pushed the scancode-third-party branch from 74d0c30 to 69138c7 January 23, 2026 20:04
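
A sketch of the kind of gate the PR description outlines, added here as an illustration and not taken from the PR: scan records are checked against a deny list, with a separate policy for dev-only tools and an ignore list for known false positives and unparseable files. The policy sets, dependency names and scan records are constructed; the record fields are assumed to follow ScanCode's per-file JSON entries in simplified form.

```python
import fnmatch

# Hypothetical policies (not the contents of the PR's policy files):
# the SPDX identifiers each policy rejects.
DELIVERABLE_DENY = {"GPL-2.0-only", "GPL-2.0-or-later",
                    "GPL-3.0-only", "GPL-3.0-or-later", "AGPL-3.0-only"}
DEV_DENY = {"AGPL-3.0-only"}  # build-time-only tools may carry GPL

OPERATORS = {"AND", "OR", "WITH"}


def license_ids(expression):
    """Split an SPDX license expression into its identifiers."""
    tokens = expression.replace("(", " ").replace(")", " ").split()
    return {t for t in tokens if t not in OPERATORS}


def check(scan_files, deny, ignore=()):
    """Return (violations, unscanned) for one dependency's scan records.

    Conservative on purpose: a denied identifier anywhere in an expression
    counts, even inside an OR, and a file the scanner failed on is reported
    rather than passed silently unless it is explicitly ignored.
    """
    violations, unscanned = [], []
    for record in scan_files:
        path = record["path"]
        if any(fnmatch.fnmatch(path, pattern) for pattern in ignore):
            continue
        if record.get("scan_errors"):
            unscanned.append(path)
            continue
        expression = record.get("detected_license_expression_spdx") or ""
        hits = license_ids(expression) & deny
        if hits:
            violations.append((path, sorted(hits)))
    return violations, unscanned


# Constructed sample records for two made-up dependencies.
SCAN = [
    {"path": "devtool/src/main.c", "scan_errors": [],
     "detected_license_expression_spdx": "GPL-2.0-or-later"},
    {"path": "libfoo/src/foo.c", "scan_errors": [],
     "detected_license_expression_spdx": "Apache-2.0"},
    {"path": "libfoo/NEWS", "scan_errors": [],  # mentions an older release's license
     "detected_license_expression_spdx": "GPL-2.0-only"},
    {"path": "libfoo/doc/manual.pdf", "scan_errors": ["parse failure"],
     "detected_license_expression_spdx": None},
]
```

Each ignore entry should be reviewed by hand before it is added, since an ignored path is never checked again.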