SPDX reporter crashes due to invalid SPDX expressions

[fviernau]

Since ScanCode was configured to associate exceptions with nearby licenses, one may get license-exception combinations with IDs for exceptions which are not on the SPDX list. These are invalid in SPDX 2.x spec which in turn makes some requires check in the SPDX report fail.

Possible solutions:

1. Add an additional option to ScanCode to only associate exceptions from the SPDX list, but not custom ones.
2. Add a configuration option to ORT for toggling whether the SPDX expression need to conform to 2.x spec

Probably in any case the SPDX Document needs to be changed to tolerate such expressions.

[mnonnenmacher]

Related PR: #7367

[sschuberth]

/cc @maxhbr

[maxhbr]

relevant change proposal: spdx/change-proposal#4

[sschuberth]

Related PR: #7367

Can this be closed as #7399, which supersedes #7367, is merged?

[fviernau]

Closed as the crash is fixed. One might add a follow up e.g. as described in the ticket description though.