ci: add Enforce License Compliance workflow #13
thomasrockhu-codecov wants to merge 1 commit into main from
Conversation
| enforce-license-compliance: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: 'Enforce License Compliance' |
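Review bot: the job body shown here consumes `secrets.FOSSA_API_KEY` but the hunk carries no guard for fork PRs, where that secret is empty; before adopting the `pull_request_target` route suggested above, keep in mind that it runs with the base repository's secrets, so the job must not check out or execute the fork's head ref or the key is exposed to untrusted PR code. The `if: github.event.pull_request.head.repo.full_name == github.repository` guard on the step avoids that exposure entirely, at the cost of skipping the scan on fork PRs; if this check is marked required, document that fork contributions get scanned on push to `main` instead.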
Bug: The workflow will fail for pull requests from forks because secrets.FOSSA_API_KEY is not available, causing the license compliance check to either fail or be silently skipped.
Severity: HIGH
Suggested Fix
Use the pull_request_target event instead of pull_request. This event runs in the context of the base repository and has access to secrets. Alternatively, add a condition to the step to only run it on non-fork PRs, for example: if: github.event.pull_request.head.repo.full_name == github.repository.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid.
Location: .github/workflows/enforce-license-compliance.yml#L12
Potential issue: The `enforce-license-compliance` workflow is triggered on `pull_request` events, including those from forks. However, GitHub Actions intentionally do not provide secrets like `FOSSA_API_KEY` to workflows from forked repositories for security reasons. Consequently, for any external contribution via a fork PR, the `fossa_api_key` input will be an empty string. This will either cause the `getsentry/action-enforce-license-compliance` action to fail, blocking the PR, or silently bypass the license scan, defeating the purpose of the workflow.
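The fork-PR problem described in the comment above, shown as a weak step beside a guarded one. This is an added example, not the workflow file from this PR: the action name and the `fossa_api_key` input come from the discussion on this page, while the `@main` ref, the `on:` block and the step layout are assumptions.

```yaml
# Added example (not this PR's own workflow): guarding a secret-consuming
# step so it never runs in the context of a fork PR.
name: Enforce License Compliance

on:
  pull_request:   # runs for fork PRs too, but without repository secrets

jobs:
  enforce-license-compliance:
    runs-on: ubuntu-latest
    steps:
      # Weak form (kept commented out): runs unconditionally, so on a fork PR
      # the secret expands to "" and the scan fails or silently does nothing.
      #
      # - name: Enforce License Compliance
      #   uses: getsentry/action-enforce-license-compliance@main   # ref assumed
      #   with:
      #     fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

      # Guarded form: the step only runs when the PR head lives in this
      # repository, so the secret is populated whenever the step executes and
      # fork-supplied code never runs alongside it.
      - name: Enforce License Compliance
        if: github.event.pull_request.head.repo.full_name == github.repository
        uses: getsentry/action-enforce-license-compliance@main   # ref assumed
        with:
          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}
```

A skipped step counts as success, so if this job is a required status check, fork PRs would pass without a scan; pair the guard with a `push` trigger on the default branch (or a maintainer-run workflow) so the license scan still covers merged external contributions. Switching the trigger to `pull_request_target` instead would restore the secret for forks, but only safely if the job never checks out or executes the fork's head ref.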
| @@ -0,0 +1 @@ | |||
| # FOSSA: setuptools discovery target at repo root (add real deps here if applicable). | |||
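Review bot: a comment-only `requirements.txt` gives the Python/setuptools discovery a target with no entries, so the scan either errors on zero dependencies (as the comment below argues) or passes vacuously; neither outcome enforces anything. Either drop the placeholder and exclude the setuptools target in `.fossa.yml`, or commit the real dependency manifest so the check covers what actually ships, rather than inviting a later "add real deps here" edit.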
Bug: The empty requirements.txt file will cause the FOSSA CLI to find zero dependencies and exit with an error, failing the CI workflow on every run.
Severity: HIGH
Suggested Fix
Since the repository contains no Python dependencies, the requirements.txt file should be removed. The FOSSA configuration (.fossa.yml) should be updated to explicitly ignore Python/setuptools targets to prevent the tool from searching for them and failing when none are found.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid.
Location: requirements.txt#L1
Potential issue: The newly added `requirements.txt` file contains only a comment and no actual dependencies. The FOSSA CLI tool, which is executed by the `enforce-license-compliance` workflow, is documented to exit with a non-zero status code when it analyzes a project and discovers zero dependency targets. This will cause the `fossa analyze` command to fail, which in turn will cause the entire GitHub Actions workflow to fail on every run, blocking all pull requests from being merged.
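The suggested fix in the comment above, excluding the Python/setuptools target rather than shipping an empty manifest, as an added example that is not the `.fossa.yml` from this PR. The `version: 3` schema and the `targets.exclude` / `type: setuptools` keys are assumed from the FOSSA CLI configuration format and should be checked against the CLI version the workflow installs.

```yaml
# Added example (not this PR's .fossa.yml): tell the FOSSA CLI not to look
# for a setuptools project at all, so no placeholder requirements.txt is
# needed and the scan is limited to targets the repository really has.
# Schema assumed: FOSSA CLI config version 3 with targets.only/exclude.
version: 3

targets:
  exclude:
    - type: setuptools   # no Python dependencies in this repository
```

With the exclusion in place, `fossa analyze` still discovers any other ecosystems present (a `package.json`, `go.mod`, and so on); if the repository genuinely has no dependency manifests of any kind, the compliance check has nothing to enforce and the team should decide whether the workflow belongs in this repository at all.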
Adds `.github/workflows/enforce-license-compliance.yml` using getsentry/action-enforce-license-compliance so FOSSA runs on pull requests. Requires repository secret `FOSSA_API_KEY` (or org-level availability). Also adds `.fossa.yml` / optional root `requirements.txt` when missing so `fossa analyze` can discover targets.