To address repeated CI failure due to missing dependencies in go.mod
leading to backward-incompatible upgrades, fully specify all
dependencies in go.mod.

The go.mod file was created by starting from the original go.mod, then
applying all of the "go get" commands from .circleci/config.yml using
go1.14, including an additional upgrade to
google.golang.org/grpc@v1.32.0 to satisfy the requirements of
internal/traceprof/testapp. Then I ran "go1.14 mod tidy" and finally the
unit tests to make sure go.sum was fully up-to-date.

This change may lead to breaking builds down-stream if users are
upgraded (via our go.mod) to newer versions of libraries which ignore
semver like grpc. However, unless and until integrations are moved to
separate go.mod files, we need to specify *some* minimum supported
version of every dependency so that users of the integrations know which
version to get and so that our CI is not constantly breaking.

This should not be necessary now that we have fully populate go.mod and
go.sum.

Wherever possible, downgraded the required versions of direct imports in
go.mod to be the minimum that would 1) compile, 2) pass tests locally,
and 3) didn't have security vulnerabilities listed on pkg.go.dev.

Still need to verify that the integration tests pass. Having lower
versions listed where possible should reduce the likelihood of
downstream users getting unintentionally upgraded.

This is the earliest version that actually passes the integration tests.

This is the earliest version that passes the integration tests.

I thought I did this before but I guess not. This is the minimum version
required by internal/traceprof for its protobuf code.

That version introduced an API change (breaking, of couse) that the test
relies on.