License detection outputs deprecated SPDX identifiers, blocking AGPL packages from Pursuit

[philippedev101]

When publishing a package with a standard AGPL-3.0 LICENSE file, the registry's license detection reports AGPL-3.0 — which is a deprecated SPDX identifier. This creates a catch-22:

• If the manifest says AGPL-3.0-only or AGPL-3.0-or-later (the valid SPDX replacements), the registry rejects it as a mismatch against the detected AGPL-3.0
• If the manifest says AGPL-3.0 to match detection, the registry accepts it but Pursuit rejects it as invalid SPDX

So there's no license value that both the registry and Pursuit will accept.

Registry logs when using AGPL-3.0-only:

‼ License mismatch detected: manifest has 'AGPL-3.0-only' but detected AGPL-3.0

Pursuit error when using AGPL-3.0:

The license specified in package manifest is not a valid SPDX license expression.