Comment 1 for bug 1781013

SPDX licensing info spec is evolving, so this changed from the time we implemented this.

As it stands right now, I think we should replace our static lists LICENSES and LICENSE_EXCEPTIONS with the ones from here:

https://github.com/spdx/license-list-data/tree/master/json

There's a json file for licenses and another for exceptions, containing nice structured data, and they even have old licenses like LGPL-2.0 (which is equivalent to the new LGPL-2.0-only) and they are correctly marked as deprecated.

So:
- Find a way to sync copy of those two json files into our project tree (complication: this lives in github and we prefer not to pull files from random locations when building our project).
- json.somethingsomething the data in those lists to produce LICENSES and LICENSE_EXCEPTIONS dicts that look like the ones we have now
- Profit

The license validation logic should be generic enough that a test for the given expression should not be needed. We can add it of course, but then it becomes a matter of chasing the spec around.