fix: add debian/copyright.commercial for commercial .deb builds

[MarkAtwood]

Summary

Adds commercial-license packaging metadata for .deb and .rpm builds.

The Jenkins packaging jobs run license.pl to replace source headers and COPYING with commercial text, but packaging metadata (debian/copyright, RPM spec License: field) was left unchanged, shipping GPL references in commercial packages.

Files added

• debian/copyright.commercial -- DEP-5 format, declares wolfSSL-Commercial for wolfSSL code, preserves correct third-party attribution (NTT camellia, BLAKE2, Zephyr, m4 macros)
• rpm/spec.in.commercial -- License: LicenseRef-wolfSSL-Commercial (SPDX custom identifier for proprietary), commercial description text

Both are drop-in replacements: the build pipeline copies them over the GPL originals after license.pl runs. Also adds previously missing blake2b.c/blake2s.c attribution (CC0-1.0, Samuel Neves).

Test plan

• Corresponding wolfSSL/scripts#589 adds the license.pl swap logic
• Neither file contains "GPL" or "General Public" (safe for license.pl post-build grep)

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a Debian machine-readable copyright file intended for commercial/FIPS .deb builds to avoid shipping GPL metadata, while preserving third‑party license attributions.

Changes:

• Introduces debian/copyright.commercial as a drop-in replacement for commercial packaging.
• Declares commercial wolfSSL licensing and retains upstream licenses for bundled third-party sources.
• Adds attribution for BLAKE2 sources (CC0-1.0, Samuel Neves).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[MarkAtwood]

Closing -- per Lealem's feedback, commercial packaging metadata should not live in the public wolfssl repo. The files have been moved to wolfSSL/scripts#589 where they live alongside the existing license templates.