Add more license mappings

[tmehnert]

I have added more license mappings. I would appreciate if you could take a look at the PR.

This PR Resolve #212

[stevespringett]

Thanks for the PR. @msymons any concerns?

[msymons]

The concern about mapping of "The BSD License" to BSD-4-Clause rather than to BSD-4-Clause has not yet been resolved. See #205 with my comment added 5th June 2022.

For new mappings added in this PR I would say "Looks OK but I do not have examples to hand to judge otherwise".

One thing I can see in my Dependency-Track v4.6.0 SNAPSHOT, displaying BOMs generated by latest version of cyclonedx-maven-plugin is that it is very visible when a mapping has not YET been done. Here is one example:

"ASF 2.0", which should map to Apache-2.0

Example: https://repo1.maven.org/maven2/cglib/cglib-parent/3.3.0/cglib-parent-3.3.0.pom

I also see unmapped:

• GNU Lesser Public License
• GNU LESSER GENERAL PUBLIC LICENSE

...but how far do you want to go with mapping? ie, would it be useful for me to dig out additional examples?

[tmehnert]

I have added the mapping for "ASF 2.0". Proven by example cglib and imgscalr. If some of the mappings in the PR are unclear, i can provide additional examples too. What's your opinion to go further?

[tmehnert]

I think GNU Lesser ... Licenses have to many ambiguities to map them safely. See in screenshot of SPDX License List. Do you agree?

[tmehnert]

@stevespringett it would be nice, if we can get this PR done. If any concerns left, just tell me and i will do more research as you wish.

[stevespringett]

Thanks again for the PR @tmehnert. Much appreciated.