
license-scan: allow clarification version reqs #124

Merged (1 commit) on Aug 8, 2023

Conversation

@cbgbt (Contributor) commented Aug 6, 2023

Description of changes:
Closes #98

license-scan: allow clarification version reqs

Clarifications can now optionally provide semver version specifiers.
See https://docs.rs/semver/latest/semver/enum.Op.html for more details
on allowed specifiers.

While trying to update the regex crate for the bottlerocket-update-operator, two major versions of regex-automata are pulled in due to matchers being on an older version.

Unfortunately, clarify.toml's existing clarification for regex-automata-0.1 clashes with the new licensing for regex-automata-0.3. This adds the ability to clarify both versions.

Limitations
This currently assumes that the versions will follow semver; however, this implementation does not close the door to other version comparisons. If need be, we can replace VersionReq with an enum that also supports fallback to something like RPM version comparison.

Testing done:

  • Provided unit tests pass

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.
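The matching logic the description calls for, as an added example that is not code from the license-scan crate or from this PR: a clarification table keyed by crate name plus an optional Cargo-style version requirement, with a lookup that applies the right entry to a concrete crate version and refuses to pick silently when two entries overlap (the regex-automata 0.1 vs 0.3 clash). Comparator semantics follow the semver crate's documented operator rules; the `Version`, `Comparator`, `VersionReq` and `Clarification` types, the `find_clarification` function and the crate/license entries in `sample_clarifications` are all assumptions made for this example, and wildcards, pre-release tags and build metadata are deliberately not handled.

```rust
// Added example, not code from the license-scan crate: a clarification table keyed by
// crate name plus an optional Cargo-style version requirement, and a lookup that applies
// the right entry to a concrete version. Operator rules follow the semver crate's for
// =, >, >=, <, <=, ~ and ^; wildcards, pre-release tags and build metadata are not handled.

#[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
struct Version { major: u64, minor: u64, patch: u64 }

impl Version {
    fn parse(s: &str) -> Option<Version> {
        let p: Vec<u64> = s.trim().split('.').map(|x| x.parse().ok()).collect::<Option<_>>()?;
        if let &[major, minor, patch] = p.as_slice() { Some(Version { major, minor, patch }) } else { None }
    }
}

#[derive(Clone, Copy)]
enum Op { Exact, Greater, GreaterEq, Less, LessEq, Tilde, Caret }

// One comparator such as ">=0.3" or "~1.2.3"; minor and patch may be omitted.
struct Comparator { op: Op, major: u64, minor: Option<u64>, patch: Option<u64> }

impl Comparator {
    fn parse(s: &str) -> Option<Comparator> {
        let s = s.trim();
        let (mut op, mut rest) = (Op::Caret, s); // a bare "0.1" means ^0.1, as in Cargo
        for (prefix, candidate) in [(">=", Op::GreaterEq), ("<=", Op::LessEq), (">", Op::Greater),
                                    ("<", Op::Less), ("=", Op::Exact), ("~", Op::Tilde), ("^", Op::Caret)] {
            if let Some(r) = s.strip_prefix(prefix) { op = candidate; rest = r.trim(); break; }
        }
        let mut it = rest.split('.');
        let major = it.next()?.parse().ok()?;
        let minor = match it.next() { Some(m) => Some(m.parse().ok()?), None => None };
        let patch = match it.next() { Some(p) => Some(p.parse().ok()?), None => None };
        if it.next().is_some() { return None; }
        Some(Comparator { op, major, minor, patch })
    }

    fn matches(&self, v: Version) -> bool {
        let (major, minor, patch) = (self.major, self.minor, self.patch);
        let full = Version { major, minor: minor.unwrap_or(0), patch: patch.unwrap_or(0) };
        // Comparison operators look only at the components spelled out: ">=0.3" accepts 0.3.0.
        let key = |x: Version| match (minor, patch) {
            (Some(_), Some(_)) => (x.major, x.minor, x.patch),
            (Some(_), None) => (x.major, x.minor, 0),
            _ => (x.major, 0, 0),
        };
        match self.op {
            Op::Exact => key(v) == key(full),
            Op::Greater => key(v) > key(full),
            Op::GreaterEq => key(v) >= key(full),
            Op::Less => key(v) < key(full),
            Op::LessEq => key(v) <= key(full),
            Op::Tilde => v.major == major && minor.map_or(true, |m| v.minor == m) && patch.map_or(true, |p| v.patch >= p),
            Op::Caret if major > 0 => v.major == major && v >= full,
            Op::Caret if full.minor > 0 => v.major == 0 && v.minor == full.minor && v.patch >= full.patch,
            Op::Caret if patch.is_some() => v == full, // ^0.0.K pins exactly 0.0.K
            Op::Caret => v.major == 0 && (minor.is_none() || v.minor == 0), // ^0 or ^0.0
        }
    }
}

// Comma-separated comparators that must all hold; "*" matches every version.
struct VersionReq(Vec<Comparator>);
impl VersionReq {
    fn parse(s: &str) -> Option<VersionReq> {
        if s.trim() == "*" { return Some(VersionReq(Vec::new())); }
        s.split(',').map(Comparator::parse).collect::<Option<Vec<_>>>().map(VersionReq)
    }
    fn matches(&self, v: Version) -> bool { self.0.iter().all(|c| c.matches(v)) }
}

// One clarify.toml-style entry; `version` is None for entries that cover every version.
struct Clarification { name: &'static str, version: Option<VersionReq>, license: &'static str }

// Constructed entries for illustration; not copied from Bottlerocket's clarify.toml.
fn sample_clarifications() -> Vec<Clarification> {
    let req = |r| Some(VersionReq::parse(r).expect("valid requirement"));
    vec![
        Clarification { name: "regex-automata", version: req("0.1"), license: "MIT OR Unlicense" },
        Clarification { name: "regex-automata", version: req(">=0.3"), license: "MIT OR Apache-2.0" },
        Clarification { name: "matchers", version: None, license: "MIT" },
    ]
}

// Ok(Some) when exactly one entry applies, Ok(None) when none does, Err when entries overlap,
// so a clash like the regex-automata one is reported instead of being resolved silently.
fn find_clarification<'a>(table: &'a [Clarification], name: &str, version: &str) -> Result<Option<&'a Clarification>, String> {
    let v = Version::parse(version).ok_or_else(|| format!("cannot parse version {version}"))?;
    let hits: Vec<&'a Clarification> = table.iter()
        .filter(|c| c.name == name && c.version.as_ref().map_or(true, |r| r.matches(v)))
        .collect();
    match hits.as_slice() {
        [] => Ok(None),
        [one] => Ok(Some(*one)),
        _ => Err(format!("{} clarifications match {name} {version}", hits.len())),
    }
}

fn main() {
    let table = sample_clarifications();
    let hit = find_clarification(&table, "regex-automata", "0.3.3").unwrap();
    println!("regex-automata 0.3.3: {}", hit.map_or("no clarification applies", |c| c.license));
}
```

Returning an error on overlapping entries is the part worth keeping whatever the real implementation looks like: with only a name key, the first matching entry wins and a wrong license is applied without any signal.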

@stmcginnis (Contributor) commented:

Nice! Looks like this could close #98

@cbgbt (Contributor, Author) commented Aug 8, 2023

> Nice! Looks like this could close #98

@stmcginnis nice catch! I modified a test to make this more clear and updated the PR description.

@cbgbt (Contributor, Author) commented Aug 8, 2023

I chatted with @jpculp, who taught me that you have to explicitly run clippy against tests with cargo clippy --tests.

Fixed a lint against the test module.

@stmcginnis (Contributor) commented:

Ironically, this now fails due to multiple versions with cargo-deny:

error[B004]: found 2 duplicate entries for crate 'semver'
   ┌─ /home/stmcg/src/bottlerocket-os/bottlerocket-sdk/license-scan/Cargo.lock:58:1
   │  
58 │ ╭ semver 0.10.0 registry+https://github.com/rust-lang/crates.io-index
59 │ │ semver 1.0.18 registry+https://github.com/rust-lang/crates.io-index
   │ ╰───────────────────────────────────────────────────────────────────^ lock entries
   │  
   = semver v0.10.0
     └── cargo_metadata v0.11.4
         └── bottlerocket-license-scan v0.1.0
   = semver v1.0.18
     └── bottlerocket-license-scan v0.1.0

bans FAILED, licenses ok, sources ok

Submitted #126 to fix that.

We should probably look into some basic GitHub Action checks to run for this repo...
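What the B004 check above is detecting, as an added example that is not cargo-deny's implementation or any code from this repository: a minimal scan of a Cargo.lock that lists crates locked in more than one version together with the packages that pull in each copy. It reads only the `[[package]]`, `name`, `version` and multi-line `dependencies` lines of a v3 lockfile (no TOML crate), and the `Package`, `parse_lock` and `duplicates` names and the lockfile excerpt in `SAMPLE_LOCK` are constructed for this example, modelled on the report in this thread.

```rust
// Added example, not cargo-deny's implementation: a minimal Cargo.lock scan that lists
// crates locked in more than one version with the packages that pull in each copy,
// which is what cargo-deny's B004 duplicate ban reports. Only the `[[package]]`, `name`,
// `version` and multi-line `dependencies` lines of a v3 lockfile are read.
use std::collections::BTreeMap;

#[derive(Default)]
struct Package {
    name: String,
    version: String,
    // (crate name, version when the lockfile pins it); entries look like "cargo_metadata"
    // or, when several versions of a crate are locked, "semver 0.10.0".
    deps: Vec<(String, Option<String>)>,
}

fn unquote(s: &str) -> String {
    s.trim().trim_end_matches(',').trim_matches('"').to_string()
}

fn parse_lock(text: &str) -> Vec<Package> {
    let (mut pkgs, mut in_deps) = (Vec::<Package>::new(), false);
    for line in text.lines().map(str::trim) {
        if line == "[[package]]" {
            pkgs.push(Package::default());
            in_deps = false;
            continue;
        }
        let pkg = match pkgs.last_mut() { Some(p) => p, None => continue }; // header before first package
        if in_deps {
            if line == "]" { in_deps = false; continue; }
            let entry = unquote(line);
            let (name, ver) = entry.split_once(' ').map_or((entry.as_str(), None), |(n, v)| (n, Some(v)));
            pkg.deps.push((name.to_string(), ver.map(str::to_string)));
        } else if let Some(v) = line.strip_prefix("name = ") {
            pkg.name = unquote(v);
        } else if let Some(v) = line.strip_prefix("version = ") {
            pkg.version = unquote(v);
        } else if line == "dependencies = [" {
            in_deps = true;
        }
    }
    pkgs
}

// Crates with more than one locked version, each version with its sorted dependents.
// Versions are ordered as strings here, not by semver.
fn duplicates(pkgs: &[Package]) -> BTreeMap<String, Vec<(String, Vec<String>)>> {
    let mut by_name: BTreeMap<&str, Vec<&Package>> = BTreeMap::new();
    for p in pkgs {
        by_name.entry(&p.name).or_default().push(p);
    }
    let mut out = BTreeMap::new();
    for (name, copies) in by_name.into_iter().filter(|(_, c)| c.len() > 1) {
        let mut entries: Vec<(String, Vec<String>)> = copies.iter().map(|copy| {
            let mut users: Vec<String> = pkgs.iter()
                .filter(|p| p.deps.iter().any(|(n, v)| n.as_str() == name
                    && v.as_deref().map_or(true, |v| v == copy.version.as_str())))
                .map(|p| format!("{} v{}", p.name, p.version))
                .collect();
            users.sort();
            (copy.version.clone(), users)
        }).collect();
        entries.sort();
        out.insert(name.to_string(), entries);
    }
    out
}

// Constructed lockfile excerpt modelled on the cargo-deny report in this thread.
const SAMPLE_LOCK: &str = r#"version = 3

[[package]]
name = "bottlerocket-license-scan"
version = "0.1.0"
dependencies = [
 "cargo_metadata",
 "semver 1.0.18",
]

[[package]]
name = "cargo_metadata"
version = "0.11.4"
dependencies = [
 "semver 0.10.0",
]

[[package]]
name = "semver"
version = "0.10.0"

[[package]]
name = "semver"
version = "1.0.18"
"#;

fn main() {
    for (name, versions) in duplicates(&parse_lock(SAMPLE_LOCK)) {
        println!("found {} versions of crate '{name}'", versions.len());
        for (version, users) in versions {
            println!("  {name} v{version} <- {}", users.join(", "));
        }
    }
}
```

The dependent list is the useful part of the report: it shows which edge to fix (here the older `cargo_metadata` pulling `semver 0.10.0`), which is what #126 addresses rather than the duplicate itself.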

@cbgbt (Contributor, Author) commented Aug 9, 2023

😵

> We should probably look into some basic GitHub Action checks to run for this repo...

I should have also just run the project-level build, rather than assume that this crate's testing would be sufficient. I forgot about the additional top-level checks. My bad!

Development

Successfully merging this pull request may close these issues.

support multiple license file hashes in license-scan
4 participants