Support SPDX "user defined license reference" (aka LicenseRef)

[ma-ble]

What would you like to be added:

We are using a SPDX "user defined license references" (aka LicenseRef), which are not defined by a standard SPDX license identifier. When we let grant check these licenses, at the beginning we get the error message - "unable to get license by ID: LicenseRef-XXXX; no matching spdx id found sbom.json".

> grant check sbom.json 
[0000] ERROR unable to get license by ID: LicenseRef-XXXX; no matching spdx id found 
* sbom.json

> grant list sbom.json 
[0000] ERROR unable to get license by ID: LicenseRef-XXXX; no matching spdx id found
* sbom.json

I would like to be able to add SPDX "user defined license reference" (aka LicenseRef) in Grant - for example via the .grants.yaml configuration file.

Why is this needed:

The support of SPDX "user defined license references" (aka LicenseRef) in Grant would be advantageous in conjunction with Syft (creating SBOMs), since Syft sets spdxExpressions in the SBOM. This would enable a seamless and automated check of the licenses.

Additional context: