Add MIT-compatible dependency review config file #28

@jeffpaul

Description

Is your enhancement related to a problem? Please describe.

We currently have https://github.com/10up/.github/blob/trunk/.github/dependency-review-config.yml which allows for scanning of GPL-compatible dependencies (as well as commented-out bits for GPL-incompatible dependencies), but nothing that's specific for MIT-compatible (aka Expat license) dependencies that would benefit our GitHub Actions and other projects that are not WordPress plugins (aka GPL-compatible projects). I would like to be able to create a GitHub Action like https://github.com/10up/insert-special-characters/blob/develop/.github/workflows/dependency-review.yml that could consume an MIT-Compatible License Policy in those projects (e.g. GitHub Actions, Cypress setup & utilities, Credits Generator, Metrics Generator).

Designs

In doing some initial, yet incomplete, research the following are licenses and their SPDX identifiers that appear to be compatible with the MIT license (aka Expat):

    Apache License 1.0 (Apache-1.0)
    Apache License 1.1 (Apache-1.1)
    Apache License 2.0 (Apache-2.0)
    Artistic License 1.0 (Artistic-1.0)
    Artistic License 2.0 (Artistic-2.0)
    BSD 2-Clause "Simplified" License (BSD-2-Clause)
    BSD 3-Clause "New" or "Revised" License (BSD-3-Clause)
    BSD-3-Clause-Attribution License (BSD-3-Clause-Attribution)
    Boost Software License 1.0 (BSL-1.0)
    Common Development and Distribution License 1.0 (CDDL-1.0)
    Common Public Attribution License 1.0 (CPAL-1.0)
    Eclipse Public License 1.0 (EPL-1.0)
    GNU General Public License v2.0 or later (GPL-2.0-or-later)
    GNU Lesser General Public License v2.1 or later (LGPL-2.1-or-later)
    IBM Public License 1.0 (IPL-1.0)
    ISC License (ISC)
    Microsoft Public License (MS-PL)
    Microsoft Reciprocal License (MS-RL)
    MIT License (Expat) (MIT)
    Mozilla Public License 1.0 (MPL-1.0)
    Mozilla Public License 1.1 (MPL-1.1)
    Mozilla Public License 2.0 (MPL-2.0)
    Open Software License 3.0 (OSL-3.0)
    PostgreSQL License (PostgreSQL)
    SIL Open Font License 1.1 (OFL-1.1)
    University of Illinois/NCSA Open Source License (NCSA)
    zlib License (Zlib)

...and here's a listing of licenses that appear to NOT be compatible with the MIT license (aka Expat):

    Affero General Public License version 1 (AGPL-1.0)
    Affero General Public License version 3 (AGPL-3.0)
    Affero General Public License version 3 with exception (AGPL-3.0-with-exception)
    GNU General Public License version 1 (GPL-1.0)
    GNU General Public License version 2 (GPL-2.0)
    GNU General Public License version 3 (GPL-3.0)
    GNU Lesser General Public License version 2.0 (LGPL-2.0)
    GNU Lesser General Public License version 2.1 (LGPL-2.1)
    GNU Lesser General Public License version 3.0 (LGPL-3.0)
    GNU Library General Public License version 2 (LGPL-2.0)
    GNU Library General Public License version 2.1 (LGPL-2.1)
    GNU Library General Public License version 3 (LGPL-3.0)
    Mozilla Public License 1.0 (MPL-1.0)
    Mozilla Public License 1.1 (MPL-1.1)
    OpenSSL License (OpenSSL)
    Sun Industry Standards Source License (SISSL)
    W3C Software Notice and License (W3C)

The above listings were pulled from a quick web search and should NOT be taken as final listings. More discerning research should be made to ensure that the resulting MIT-Compatible License Policy is accurate, precise, and as complete as feasible.

Describe alternatives you've considered

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
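An added example, not part of this issue or of any 10up repository: a Python script that takes the two draft lists above as given, flags identifiers that appear in both lists (the draft has MPL-1.0 and MPL-1.1 in both), and renders a dependency-review-action config file that uses only `allow-licenses`, since the action accepts an allow list or a deny list but not both. The `fail-on-severity: low` setting and the "review" bucket for conflicting identifiers are this example's assumptions.

```python
"""Turn the issue's draft lists into a reviewable dependency-review-action config."""

# Constructed from the draft lists in the issue (SPDX identifiers only);
# this is NOT a vetted policy, and the issue itself says the lists need research.
DRAFT_ALLOW = [
    "Apache-1.0", "Apache-1.1", "Apache-2.0", "Artistic-1.0", "Artistic-2.0",
    "BSD-2-Clause", "BSD-3-Clause", "BSD-3-Clause-Attribution", "BSL-1.0",
    "CDDL-1.0", "CPAL-1.0", "EPL-1.0", "GPL-2.0-or-later", "LGPL-2.1-or-later",
    "IPL-1.0", "ISC", "MS-PL", "MS-RL", "MIT", "MPL-1.0", "MPL-1.1", "MPL-2.0",
    "OSL-3.0", "PostgreSQL", "OFL-1.1", "NCSA", "Zlib",
]
DRAFT_DENY = [
    "AGPL-1.0", "AGPL-3.0", "AGPL-3.0-with-exception", "GPL-1.0", "GPL-2.0",
    "GPL-3.0", "LGPL-2.0", "LGPL-2.1", "LGPL-3.0", "MPL-1.0", "MPL-1.1",
    "OpenSSL", "SISSL", "W3C",
]


def conflicting_ids(allow, deny):
    """Identifiers a draft lists as both compatible and incompatible."""
    return set(allow) & set(deny)


def classify(spdx, allow=DRAFT_ALLOW, deny=DRAFT_DENY):
    """Classify one dependency's SPDX identifier against the draft policy.
    Conflicting identifiers get 'review' so nobody silently trusts them."""
    if spdx in conflicting_ids(allow, deny):
        return "review"
    if spdx in allow:
        return "allow"
    if spdx in deny:
        return "deny"
    return "unknown"


def render_config(allow=DRAFT_ALLOW, deny=DRAFT_DENY, fail_on_severity="low"):
    """Render dependency-review-config.yml text with only `allow-licenses`
    (the action rejects a config that sets both allow- and deny-licenses).
    Conflicting identifiers are emitted as a commented 'needs review' list."""
    conflicts = conflicting_ids(allow, deny)
    lines = [f"fail-on-severity: {fail_on_severity}", "allow-licenses:"]
    lines += [f"  - {spdx}" for spdx in sorted(set(allow) - conflicts)]
    if conflicts:
        lines.append("# Needs review: listed as both compatible and incompatible in the draft")
        lines += [f"#   - {spdx}" for spdx in sorted(conflicts)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_config())
```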

Metadata

Assignees

No one assigned

Labels

No labels

Projects

Status

To Do

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests