Pin go-licenses to v2.0.1 for reproducible builds

Fixes code scanning alerts #10 and #11 by removing the @latest
version for local development and using the pinned v2.0.1 version
consistently across all environments.

This ensures deterministic builds and addresses the CWE-494
'Download of Code Without Integrity Check' security concern.

Author: SamMorrowDrums

script/licenses

@@ -18,13 +18,9 @@
 #       depending on the license.
 set -e
 
-# Pinned version for CI reproducibility, latest for local development
+# Pinned version for reproducibility
 # See: https://github.com/cli/cli/pull/11161
-if [ "$CI" = "true" ]; then
-    go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e # v2.0.1
-else
-    go install github.com/google/go-licenses@latest
-fi
+go install github.com/google/go-licenses/v2@v2.0.1
 
 # actions/setup-go does not setup the installed toolchain to be preferred over the system install,
 # which causes go-licenses to raise "Package ... does not have module info" errors in CI.