Feature: Allow excluding projects with non-OSI approved licenses

[kevindigo]

I believe the GitHub API can return the license for a given repo. OSI runs a server that lists approved licenses (https://github.com/OpenSourceOrg/api/blob/master/doc/endpoints.md). For each contribution, I think we could determine the license for the associated repo, and see if that is in the (current) list of OSI approved licenses. If it is not, we could ignore that contribution as we consider whether this user has made a contribution.

This should be optional, controlled by a configuration setting, with the default of using the current behavior (not filtering based on OSI license).

[kevindigo]

Since this could omit legitimate open source contributions, perhaps it should output a list of people that were omitted, along with the repos they contributed to. That way, those repos could be checked to see if they list the wrong license.

Also, a follow-on feature (which should be a separate issue) would be to allow configuring a list of other licenses that should be considered eligible, to handle non-OSI licenses that are still considered open source by whoever is running starfish.

[danisyellis]

When #104 is implemented, it will also be looking at whether or not a repo has a license. My thought is that we'll see which one of these two issues gets implemented first, and then probably reuse the list of repos-without-a-license.
I guess it would probably be easiest if this feature were made first, and then it could be used for 104.

+1 to the idea above of outputting a list of the contributions that are omitted based on this feature.