spf13/viper uses hashicorp/hcl which is licensed under MPL-2.0 #1224
Description
Snyk scans are reporting a license issue with a dependency (spf13/viper) because it depends on github.com/hashicorp/hcl@1.0.0, which has an MPL-2.0 license; for example, see https://github.com/apigee/registry/actions/runs/6134116191/job/16646630540.
We could either remove our dependency on spf13/viper (which depends on hashicorp/hcl) or add an exception for this finding.
MPL just requires that any changes to the library are made open source under MPL. I think it's extremely unlikely we make any custom changes to hcl, so it should be safe to add an exception for this. We could do that by creating a custom license policy in Snyk (https://docs.snyk.io/manage-risk/policies/license-policies) or by defining a custom policy in this repo (https://docs.snyk.io/manage-risk/policies/the-.snyk-file#ignoring-the-license-with-the-cli).