License information/summarisation

[43081j]

We should traverse the dependency tree to determine what licenses we have deeply for any given package.

This can either be done up front and stored as a top level field, or it can be its own endpoint which does it through traversal and caches the result.

The result would be something like licenses: ["MIT", "GPL 2"] with all observed licenses.

[ghostdevv]

I think this would be fairly cheap to do as a sql query and cached. Hyperdrive has caching built-in + we can add some http cache headers - then should work well

[43081j]

that makes sense to me 👍

also versions are ranges, so it probably makes more sense to do this at runtime so we query the latest matching version somehow

licenses rarely change but its possible. so we don't need to be exact, just better than static i think