Description
My company has enabled this action at the org level, which is great. However, it's throwing up warnings because of missing/unknown license files in repos. I'd like a way to configure a company-specific license to be able to quiet these warnings.
Describe the solution you'd like
Some way to configure a license "source"(s) that isn't part of the standard SPDX list, possibly as a purl reference.
Describe alternatives you've considered
While dependency licenses could be ignored via allow-dependencies-licenses, this is unwieldy at the org level, and could be quite a large list.
Additional context
The current package is a custom GitHub Action referenced from inside the same org, so a way to ignore "dependencies from this org" would also work, but only for things referenced directly (and not from larger package ecosystems, like NuGet, etc.).