support multiple license file hashes in license-scan

[jpculp]

When pulling multiple versions of a dependency that requires a clarify.toml it is possible to get in a situation where the license hash differs between the versions. Since we can only pass one hash per filename, the license check will always fail for one of the two. At a minimum, we should support multiple hashes for a given filename.