ossf / scorecard-action

Official GitHub Action for OpenSSF Scorecard.
Apache License 2.0

license check fail to find FSF/OSI license #1384

Closed szuecs closed 2 months ago

szuecs commented 4 months ago

A PR triggered a change in the scorecard for the license check. https://github.com/zalando/skipper/blob/master/LICENSE is Apache in general, but for one directory, pathmux, it's MIT. The license list shows that both are FSF- and OSI-compliant licenses.


  1. Why does it fail?
  2. Can we apply a workaround? As far as I understand, "Alternately, create a LICENSE directory and add a license file(s) with a name that matches your [SPDX license identifier](https://spdx.org/licenses/), such as LICENSES/Apache-2.0.txt." could be a viable workaround. As far as I understand the text, it would be possible to add empty files LICENSES/Apache-2.0.txt and LICENSES/MIT.txt to work around the problem, right?
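To make the layout discussed above concrete, here is an added example (editor's code, not part of this issue and not scorecard-action's own check) that builds a constructed repository with the documented `LICENSES/<SPDX-ID>.txt` naming and lists which files a purely name-based detector would pick up. The allow-list `SPDX_IDS`, the function names and the placeholder license bodies are assumptions of this example; it does not reproduce Scorecard's or GitHub's detection logic, and per the maintainer's reply below the workaround does not change the outcome of the check itself.

```sh
#!/bin/sh
# Added example: constructed repo layout following the LICENSES/<SPDX-ID>.txt
# convention, plus a small name-based listing of what it contains.
# This is NOT Scorecard's license check and NOT GitHub's license detection.

# Hypothetical allow-list of SPDX identifiers used only by this example.
SPDX_IDS="Apache-2.0 MIT BSD-3-Clause"

# make_layout REPO: build the layout from the issue in directory REPO.
# License bodies are constructed placeholder text, not real license text.
make_layout() {
  repo=$1
  mkdir -p "$repo/LICENSES" "$repo/pathmux"
  printf 'Apache License Version 2.0 (placeholder text)\n' > "$repo/LICENSE"
  printf 'Apache License Version 2.0 (placeholder text)\n' > "$repo/LICENSES/Apache-2.0.txt"
  printf 'MIT License (placeholder text)\n' > "$repo/LICENSES/MIT.txt"
  # An empty file named like a license: this example refuses it, since
  # there is no license text to detect (assumption of this example).
  : > "$repo/LICENSES/GPL-3.0-only.txt"
}

# detected_licenses REPO: print one SPDX id per line for every non-empty
# LICENSES/<ID>.<ext> whose ID is on the allow-list; empty files are
# reported on stderr and skipped.
detected_licenses() {
  repo=$1
  for f in "$repo"/LICENSES/*; do
    [ -f "$f" ] || continue
    if [ ! -s "$f" ]; then
      echo "skip (empty file): $f" >&2
      continue
    fi
    id=$(basename "$f")
    id=${id%.*}          # strip the extension: Apache-2.0.txt -> Apache-2.0
    for known in $SPDX_IDS; do
      if [ "$id" = "$known" ]; then
        echo "$id"
      fi
    done
  done
  return 0
}

# Usage (constructed repo in a temp dir):
#   repo=$(mktemp -d); make_layout "$repo"; detected_licenses "$repo"
```

Run it with `sh`; the two non-empty files are listed and the empty `GPL-3.0-only.txt` is reported on stderr, which is the behaviour the question about empty files is probing.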

spencerschrock commented 4 months ago

  1. We rely on the GitHub / GitLab license type detection, which doesn't always work when you modify the license text.
  2. The workaround doesn't seem like it would work here based on how the code exists currently.

We shouldn't be warning on this part in my opinion, and it should be easy to tweak the threshold so it doesn't create a code scanning alert over this.

szuecs commented 4 months ago

@spencerschrock thanks!