Description
First of all thanks for a great well documented and working tool!
We currently use it in ci-pipelines to ensure that no new licenses are introduced and like often is the case some packages will have to be whitelisted with an otherwise forbidden license.
This happens of course after vetting that this is acceptable and it's well controlled to a an explicit package.
There is however a worry that these whitelisted packages may change licenses in later versions to ones that the exception was cleared for and an option to only accept it as long as it has a given license (would probably need to have more than one as otherwise there is no way to handle the transition with a version range).
If it sounds like an acceptable and reasonable idea I wouldn't mind trying to implement it in a PR