Switching to Community-Spec-1.0 for specification license

[idunbarh]

See issue !13.

LF started IP/License review of SBOMit for the OpenSSF sandbox application, and requested we switch the license of the spec to Community Specification License 1.0

See https://github.com/CommunitySpecification/Community_Specification/blob/main/1._Community_Specification_License-v1.md
This is required by the OpenSSF Charter (Section 5, Page 9):
https://cdn.platform.linuxfoundation.org/agreements/openssf.pdf

[sudo-bmitch]

Does this require getting signoff from all committers to the project (to change the license they used with their contributions)?

[colek42]

lgtm

[JustinCappos]

For now, do not merge this PR!

There is still a discussion ongoing and some of our early folks were very opposed to this license. I'm following up with the OpenSSF in the linked issue on their tracker.

[idunbarh]

Switching to draft to ensure its not merged until licensing until discussion with LF and maintainers is resolved.

[idunbarh]

@JustinCappos thoughts on this PR? We have support from @mnm678 @colek42 and @trishankatdatadog.

[JustinCappos]

Had a great conversation with Mike Dolan and Jory about the details here. We can merge!

[idunbarh]

resolves #13