Add an SPDX file to the repository to streamline license and security reviews by user organizations (#42102)

* Add an SPDX file to the repository. 
* New script contrib/updateSPDX.jl .  Ran the script to update the SPDX file.

Author: SamuraiAku

THIRDPARTY.md

@@ -21,7 +21,7 @@ own licenses:
 
 - [LIBUNWIND](https://github.com/libunwind/libunwind/blob/master/LICENSE) [MIT]
 - [LIBUV](https://github.com/JuliaLang/libuv/blob/julia-uv2-1.39.0/LICENSE) [MIT]
-- [LLVM](https://releases.llvm.org/6.0.0/LICENSE.TXT) [UIUC]
+- [LLVM](https://releases.llvm.org/12.0.1/LICENSE.TXT) [APACHE 2.0 with LLVM Exception]
 - [UTF8PROC](https://github.com/JuliaStrings/utf8proc) [MIT]
 
 Julia's `stdlib` uses the following external libraries, which have their own licenses:

contrib/updateSPDX.jl

@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: MIT
+# This file is a part of Julia. License is MIT: https://julialang.org/license
+#
+# Run this script with each new Julia release to update "../julia.spdx.json"
+
+using UUIDs
+using Dates
+using JSON
+using TimeZones
+using DataStructures
+
+spdxDocument= "../julia.spdx.json"
+spdxData= JSON.parsefile(spdxDocument; dicttype=OrderedDict{String, Any})
+
+# At the moment we can only update a few items automatically with each release.
+# These are the crucial elements to make a new version of the SPDX file.
+# Any other changes (ex. Adding or removing of external dependencies, updating copyright text, etc.) must be performed manually
+spdxData["documentNamespace"]= "https://julialang.org/spdxdocs/julia-spdx-" * string(uuid4())
+spdxData["creationInfo"]["created"]=  Dates.format(now(tz"UTC"), "yyyy-mm-ddTHH:MM:SS") * "Z"
+
+for pkg in spdxData["packages"]
+    if pkg["SPDXID"] == "SPDXRef-JuliaMain"
+        pkg["versionInfo"]= readline("../VERSION")
+        pkg["downloadLocation"]= "git+https://github.com/JuliaLang/julia.git@v" * pkg["versionInfo"]
+        break
+    end
+end
+
+open(spdxDocument, "w") do f
+    JSON.print(f, spdxData, 4)
+end