chore(license): align to Apache-2.0 and enforce license-header integrity in CI

[SizzleUnrlsd]

Context

The ecosystem license matrix requires this repository to be Apache 2.0.

Requested changes

1. Align repository licensing artifacts with Apache 2.0.
2. Add CI enforcement to verify license header integrity on source files.

Proposed architecture

• Policy layer (single source of truth): keep canonical license declaration in LICENSE plus SPDX consistency across repository metadata (README, package metadata, build metadata where applicable).
• Header rules layer: define one configuration file for license-header checks (file globs, excluded folders such as generated/vendor code, SPDX identifier, expected copyright owner).
• Verification layer (CI workflow): add a dedicated workflow (for example .github/workflows/license-integrity.yml) executed on pull_request and push to default branch.
• Developer ergonomics: expose the same checker command locally (script or Make target) so CI and local validation stay consistent.

Why this approach

This separates policy from execution, avoids hardcoded one-off checks, and keeps the mechanism reusable for future license policy updates.

Acceptance criteria

• LICENSE and repository metadata are aligned with Apache 2.0.
• A CI workflow validates license headers deterministically.
• The checker is configuration-driven (no hardcoded per-file fixes).
• CI fails when headers are missing/invalid and reports actionable files.
• Generated and third-party code are handled through explicit exclusions.

Suggested tasks

• Verify/update LICENSE and SPDX declarations.
• Add configurable header-check script/tooling.
• Add license-integrity workflow in CI.
• Document local and CI usage in CONTRIBUTING/README.