Add a Contributor License Agreement to Argus

[lunkwill42]

Rationale

With the recent work on argus-htmx-frontend, we're now receiving code contributions from developers external to Sikt, which means that there isn't necessarily a single copyright holder to the codebase any longer.

Argus is currently licensed under GPLv3. This was a practical matter at the inception of the Argus project, as it was partially inspired by the alert system in NAV ( https://github.com/Uninett/nav ). It was not clear at the outset whether we would be re-using code from NAV or linking Argus to NAV somehow, and since NAV is licensed as GPLv3, we thought it best to use the same license.

Argus has now been in production for a few years, and we have yet to include or link Argus to NAV in an way that would "infect" it with the GPL license. Most of our greenfield projects these days use the Apache 2.0-license, and if we were to change the Argus license, that would be a candidate (to be clear: We would never consider anything but an OSI-approved license for Argus. It is built with public money, after all).

With NAV, we experienced the pain of changing NAV's license from GPLv2-only to GPLv3+, due to many copyright owners that had to be tracked down to sign off on the switch. This is what led us to adopt a contributor license agreement (CLA) in that project (a Fiduciary license agreement)

What's the deal with a CLA?

For us (Sikt), a CLA based on the Fiduciary License Agreement has three main purposes:

1. It requires any outside contributor to attest that they are within their right to make a contribution to our project under the terms of the license (i.e. they own the copyright or are authorized by the copyright owner to release the contribution under our license).
2. It grants us, as fiduciary of the software project, a copyright license to do what we please with the contribution, as long as we ensure the contribution always remains free software (i.e. release it under any license approved by the Open Source Initiative as an Open Source license).
3. It grants the contributor the right to do whatever they want with their own contribution, and also the power to revoke our license to it if we were to break the license agreement.

What does a CLA look like?

See NAV's Fiduciary License Agreement for the full agreement text: https://cla-assistant.io/Uninett/nav

How do we enforce it

We only accept contributions via GitHub, so we would re-use the same tools we use for NAV: We enlist the help of the CLA assistant, whose bot will scan the commits of all pull requests and make a polite request to sign the CLA if it sees any unknown commit authors. The CLA is signed electronically by authors using their GitHub accounts.

[hmpf]

See #959 for mailmap