Github remote repository LicenseURL guessing through GithubAPI

[pgarus97]

This pull request extends the functionality of the ORT Reader by allowing to fill the LicenseURL column in the generated inventory.
It introduces following functions:

• Resolving remote repository github links (ending with .git) through the LicenseGuessing algorithm. It is achieved via github API calls, which can track the exact license file url. This includes correct caching.
  -> This helps the ORT Reader to properly function as the input file in most cases only contains github remote repository links.
• The ability to link a personal github token through the application property 'solicitor.githubtoken'

[gitguardian]

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

---

<sup><sub>🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!</sub></sup>

[sonatype-lift]

COMMAND_INJECTION: This usage of java/lang/ProcessBuilder.([Ljava/lang/String;)V can be vulnerable to Command Injection

---

ℹ️ Learn about @sonatype-lift commands

You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.

Command	Usage
@sonatype-lift ignore	Leave out the above finding from this PR
@sonatype-lift ignoreall	Leave out all the existing findings from this PR
@sonatype-lift exclude <file|issue|path|tool>	Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file

Note: When talking to LiftBot, you need to refresh the page to see its response.
_{Click here to add LiftBot to another repo.}

---

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

[ohecker]

@pgarus97 : Lift is marking this as a security issue (possible command injection). Independently of this security issue: Why do we spawn a separate operating system process just to do a simple HTTP GET here? To be independent of the underlying operating system (curl command) we should use Java/Spring functionality to do the web call. This can be done e.g. using RestTemplate (which is or will soon be deprecated) or (preferably) the newer WebClient.

Dependency needed for RestTemplate:
org.springframework.boot
spring-boot-starter-web

and for WebClient:

<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>