chore(deps): allow OpenSSL and CDLA-Permissive-2.0 licenses (#44)

## Summary

Two Rust crate dependencies in
[hex-cli-dev#17](hex-inc/hex-cli-dev#17) are
blocked by the dependency review workflow because their SPDX license
identifiers aren't in the allow list:

- **`aws-lc-sys`** — license: `ISC AND (Apache-2.0 OR ISC) AND OpenSSL`.
ISC and Apache-2.0 are already allowed; `OpenSSL` is not.
- **`webpki-root-certs`** — license: `CDLA-Permissive-2.0`. Not
currently allowed. [LICENSE](https://cdla.dev/permissive-2-0/)

Both are permissive licenses with no copyleft or restrictive terms,
suitable for the general allow list.

## Changes

- Add `CDLA-Permissive-2.0` to `allow-licenses` (after `CC0-1.0`)
- Add `OpenSSL` to `allow-licenses` (after `OFL-1.1`)

Author: HoganMcDonald

.github/workflows/dependency-review.yml

@@ -47,6 +47,7 @@ jobs:
             CC-BY-3.0,
             CC-BY-4.0,
             CC0-1.0,
+            CDLA-Permissive-2.0,
             EPL-2.0,
             HPND-Markus-Kuhn,
             ISC,
@@ -61,6 +62,7 @@ jobs:
             MIT-CMU,
             MPL-2.0,
             OFL-1.1,
+            OpenSSL,
             PSF-2.0,
             Python-2.0,
             Python-2.0.1,