oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0
1.56k stars 306 forks

Find a generic way to deal with copyright findings that stem from other sources than scanners #3780

Open sschuberth opened 3 years ago

sschuberth commented 3 years ago

Aren't copyrights also visible in the web app report? Or isn't that at least planned? Anyway, independently of where copyrights are shown right now, I agree that this should be solved at the data model level, not at the reporter level, to be independent of the report format and any further processing. Such further processing could e.g. be the discussed copyrightFindingCurations that, analogously to licenseFindingCurations, could be added to PackageConfiguration at some point.

TL;DR while I agree that the UNDEFINED_TEXT_LOCATION is not nice, this is the best we can do for now without significant changes to the data model. I'm fine with the changes.

Originally posted by @sschuberth in https://github.com/oss-review-toolkit/ort/pull/3726#r591267988

sschuberth commented 3 years ago

We need to think about whether we want / need to be able to distinguish between authors and copyright holders still at the reporter stage, which currently is not the case. Also, we may want to rethink the CopyrightFinding data model to not have a hard requirement on a TextLocation (but allow "any" source) to avoid the problem with artificial text locations from generated copyright findings from authors.

sschuberth commented 3 years ago

Taking also the discussion at https://github.com/oss-review-toolkit/ort/pull/3665 into account, we now have three potential sources of copyright holder information: