Document how to obtain license file hashes for clarifications

[tim3z]

https://github.com/rustls/webpki-roots since version 1.0.0 is licensed Apache2, MIT and CDLA-Permissive-2.0. However, cargo deny only picks up CDLA-Permissive-2.0, probably because it only contains the files and no license field in Cargo.toml. Since our codebase doesn't allow CDLA-Permissive-2.0 but Apache2/MIT, I wanted to configure a clarification like so:

[[licenses.clarify]]
name = "webpki-roots"
expression = "Apache-2.0 AND MIT AND CDLA-Permissive-2.0"

license-files = [
    { path = "LICENSE-MIT", hash = ???? },
    { path = "LICENSE-APACHE" hash = ???? },
    { path = "LICENSE-CCADB", hash = ???? },
]

However, I'm failing to compute the hash values for these license files. And I can't find any documentation whatsoever explaining how to get them. The only thing I could find was here https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-hash-field where it says, check will tell me if it can't determine the license of a file. But this isn't the problem, my problem is that I it just misses some license files. And if I leave out the hashes it just complains that the field is missing. So how can I get those hashes? Sorry if I'm just to stupid to find the appropriate docs, but I've searched for half a day now and if it's somewhere, it's hidden really well 🙈

[Jake-Shadle]

Hashes only apply to files available in the package source, those license files are present in the repository but not in package source, thus there is nothing to verify the hashes against.