Remove custom crypto library dependencies

[ncdc]

We currently indirectly depend on https://github.com/cloudflare/circl, which complicates ensuring FIPS compliance because it is outside of standard go crypto. We need to remove all custom crypto dependencies.

go mod why -m github.com/cloudflare/circl
# github.com/cloudflare/circl
github.com/operator-framework/rukpak/internal/source
github.com/go-git/go-git/v5
github.com/ProtonMail/go-crypto/openpgp
github.com/ProtonMail/go-crypto/openpgp/internal/ecc
github.com/cloudflare/circl/dh/x25519

We also need to remove golang.org/x/crypto usage:

go mod why -m golang.org/x/crypto
 # golang.org/x/crypto
github.com/operator-framework/rukpak/internal/source
golang.org/x/crypto/ssh

I believe both of these can be solved by:

• Replace go-git with something else that doesn't use custom crypto #684

[github-actions]

This issue has become stale because it has been open 60 days with no activity. The maintainers of this repo will remove this label during issue triage or it will be removed automatically after an update. Adding the lifecycle/frozen label will cause this issue to ignore lifecycle events.