Address license handling

[figueroa1395]

In this PR I try to remove the files that aren't compliant with PGM's license from the dependencies, and then to proceed with the building of such dependencies.

The workflow is as follows: Use fossology-action (which uses fossology engine under the hood - same tooling used by LF), store the licensing results in a json file, parse that file using jq to find the files with undesirable license, remove those files, build.

[figueroa1395]

@TonyXiang8787 @mgovers Can you take a look at this. Some remarks below:

Currently, I am only doing this for Eigen and on the copied source files to test the workflow. If this way of handling this is given the thumbs up, I will then extend it to the other dependencies as well. Moreover, things can probably be deleted directly from src/pgm_build_dependencies/eigen/* and even built from there so we don't have to copy anything here; nevertheless, removing the copied header files here is also an option as this is seldomly run.

In addition, I am testing here for now since I don't have permissions to create a new repo and I can test with what is currently set up in here. But the clean repo can be created as a follow up.

Proof current works: https://github.com/PowerGridModel/pgm-build-dependencies/actions/runs/18343412484/job/52244043851. Furthermore, please take a look at the Remove files with non-accepted license step; even though I ran the same check as the LF one, I made it stricter and found a couple more potential issues, let's make sure this is fine.

One final question: Should we test we the newly built wheel against current pgm? Or the fact that we were able to build afterwards is enough proof that it works? If we want additional testing, do we manually check or do we set some test workflow to be checked before publishing is enabled?

[mgovers]

"check manually" implies that it should not upload. please make sure that that is indeed correctly handled

[figueroa1395]

I meant it as something went wrong, we still upload whatever is in the scan result, take a look. Should I phrase differently?

[mgovers]

we should upload the scan result but not do the actual committing of the files if something went wrong. we may accidentally commit something we should not

[figueroa1395]

I will make sure then that the committing is only done if scanning was successful.

[figueroa1395]

Up until this point, I have tested making a new release in a fork, and pip install . (*[dev], etc.) both locally and in a pgm fork (please focus on the building and testing actions only). Everything works as intended.

I will now extend this workflow to the whole repo (not only the Eigen dependency) and test in the same way as mentioned above.

[figueroa1395]

22761a3 was tested in figueroa1395#2 and https://github.com/figueroa1395/pgm-build-dependencies/actions/runs/18586672383/job/52992052911. The correct building was tested in https://github.com/figueroa1395/power-grid-model/actions/runs/18587252789 (please focus on the building only as that fork fails because it has no releases. Everything works as expected. In any case, manual run of this action is in https://github.com/PowerGridModel/pgm-build-dependencies/actions/runs/18587523173

Note: The CI in the PR doesn't tell anything, check the running action cited last above.