feat: spdx license lint gererated by Kiro (human PR in #15847 btw)

[weihanglo]

This pull request introduces a new Cargo lint to validate package.license fields against SPDX license expression standards. The change is thoroughly planned and documented, including requirements, design, tasks, and dependency updates. The new lint will help package authors ensure their license expressions are correctly formatted, improving compatibility with tools and aligning validation with crates.io. The implementation focuses on robust error reporting, edition-specific defaults, and comprehensive testing.

Key changes:

SPDX License Validation Lint Design and Requirements

• Added a detailed requirements document outlining user stories and acceptance criteria for the new lint, covering validation behavior, error reporting, edition-specific defaults, integration with Cargo's lint system, and alignment with crates.io's SPDX validation.
• Added a comprehensive design document describing the architecture, validation logic, error reporting, integration with the spdx crate, diagnostic strategies, testing approach, and implementation phases for the new invalid_license_expression lint.

Implementation Planning

• Created a task list for implementing the lint, including dependency management, test planning, lint definition, error reporting, edition/workspace integration, and documentation. Progress is tracked with checkboxes and requirements mapping.

Dependency and Workspace Updates

• Added the spdx crate (version 0.10.9) to the workspace and main dependencies in Cargo.toml to enable SPDX license expression validation. [1] [2]
• Reformatted several dependency lists in Cargo.toml for readability and maintainability, but with no functional changes. [1] [2] [3] [4] [5] [6]

These changes lay the groundwork for robust SPDX license validation in Cargo, ensuring consistency, clear error reporting, and future extensibility.