fix(sbom): fix false positives in monthly license audit

Three issues caused the monthly audit to report already-resolved submodules:

1. The audit workflow grepped for "NOASSERTION" anywhere in the output,
   matching the Detected column even when the Final column had a valid
   override (e.g. libtomcrypt detected as NOASSERTION but overridden to
   Unlicense). Changed to grep for "<-- UNRESOLVED" marker instead.

2. Submodules with an explicit NOASSERTION override in license-overrides.yaml
   (like libfc-sensor-api, which is proprietary) were still counted as
   failures. Now treated as "acknowledged" since someone intentionally
   added the override entry.

3. Added missing BSD-3-Clause override for sitl_gazebo-classic (PX4 org
   project with no LICENSE file in repo).

Fixes #26932

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
This commit is contained in:
Ramon Roche
2026-04-02 15:00:50 +00:00
parent 0ffa4e72ac
commit 685f9248e4
3 changed files with 16 additions and 6 deletions
+3 -3
@@ -39,10 +39,10 @@ jobs:
- name: Check for issues
id: check
run: |
if grep -q "NOASSERTION" /tmp/sbom-verify.txt; then
if grep -q "<-- UNRESOLVED" /tmp/sbom-verify.txt; then
echo "has_issues=true" >> "$GITHUB_OUTPUT"
# Extract NOASSERTION lines
grep "NOASSERTION" /tmp/sbom-verify.txt | grep -v "skipped" > /tmp/sbom-issues.txt || true
# Extract only genuinely unresolved license lines
grep "<-- UNRESOLVED" /tmp/sbom-verify.txt > /tmp/sbom-issues.txt || true
# Extract copyleft lines
sed -n '/Copyleft licenses detected/,/^$/p' /tmp/sbom-verify.txt > /tmp/sbom-copyleft.txt || true
else
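Review bot: the `|| true` on `grep "<-- UNRESOLVED" /tmp/sbom-verify.txt > /tmp/sbom-issues.txt` is now redundant, because the enclosing `if grep -q "<-- UNRESOLVED" /tmp/sbom-verify.txt` has already established that at least one line matches; keeping it means a real failure (unreadable file, I/O error) would be silently swallowed and the issues file left empty while `has_issues=true` is still set. Consider dropping it, and using `grep -F` so the marker is matched literally rather than as a regex. The old `grep -v "skipped"` filter is also gone; worth confirming that the verify script never prints `<-- UNRESOLVED` for skipped or acknowledged entries (the explicit NOASSERTION overrides from point 2 of the commit message), otherwise they would reappear in the report this change is meant to clean up.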