Pin the version of scancode that is used for license scanning

[mthalman]

The use of scancode in the license scanning tests can be problematic when newer versions of it are released. The infrastructure will automatically pick up the new version which may lead to test failures because the results are different than before. This can happen, for example, when bugs are fixed that yield a more specific license compared to what it had identified in the previous version. An example of a response to such a release is here: dotnet/installer#17561.

To avoid these kinds of changes potentially blocking a build when a release is locked, we should the pin the version of scancode that is used and update it regularly.