use cargo deny to check dependency licenses

Makefile

@@ -30,3 +30,8 @@ fetch-sdk: # fetches and loads the image we use to build the updater docker imag
 	else \
 	  echo "${BUILDER_IMAGE} is already loaded"; \
 	fi
+
+.PHONY: check-licenses
+check-licenses:
+	cd updater && cargo deny check licenses
+	cd integ && cargo deny check licenses

integ/deny.toml

@@ -0,0 +1,38 @@
+[licenses]
+unlicensed = "deny"
+
+# Deny licenses unless they are specifically listed here
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93
+
+# Licenses that are allowed but unused are commented out to silence warnings
+allow = [
+    "Apache-2.0",
+    #"BSD-2-Clause",
+    "BSD-3-Clause",
+    "BSL-1.0",
+    #"CC0-1.0",
+    #"ISC",
+    "MIT",
+    # OpenSSL",
+    "Unlicense",
+    "Zlib"
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[[licenses.clarify]]
+name = "webpki"
+expression = "ISC"
+license-files = [
+    { path = "LICENSE", hash = 0x001c7e6c },
+]

updater/deny.toml

@@ -0,0 +1,38 @@
+[licenses]
+unlicensed = "deny"
+
+# Deny licenses unless they are specifically listed here
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93
+
+# Licenses that are allowed but unused are commented out to silence warnings
+allow = [
+    "Apache-2.0",
+    #"BSD-2-Clause",
+    "BSD-3-Clause",
+    "BSL-1.0",
+    #"CC0-1.0",
+    "ISC",
+    "MIT",
+    "OpenSSL",
+    "Unlicense",
+    "Zlib"
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[[licenses.clarify]]
+name = "webpki"
+expression = "ISC"
+license-files = [
+    { path = "LICENSE", hash = 0x001c7e6c },
+]