Match license by URL

### Current Behavior

If I understand correctly the code at https://github.com/DependencyTrack/dependency-track/blob/6db3593337394311ca21c211cd2bd465becaf4cb/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java#L724 license is matched by SPDX ID or by name.

### Proposed Behavior

License names can be misspelled, matching by license URL seems more robust. 
E.g. SPDX maven plugin [matches licenses by URL](https://github.com/spdx/spdx-maven-plugin/issues/180#issuecomment-2680231286)

To preserve backwards compatibility the matching by URL should be added as last attempt

### Checklist

- [x] I have read and understand the [contributing guidelines](https://github.com/DependencyTrack/dependency-track/blob/master/CONTRIBUTING.md#filing-issues)
- [x] I have checked the [existing issues](https://github.com/DependencyTrack/dependency-track/issues) for whether this enhancement was already requested

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Match license by URL #5137

Current Behavior

Proposed Behavior

Checklist

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Match license by URL #5137

Description

Current Behavior

Proposed Behavior

Checklist

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions