sso_*: remove vendored dependencies

[Jusshersmith]

Problem

Although we've vendored some dependencies we haven't followed through with a process to continue vendoring and updating them (and are not actively building off of them). This brings confusion when understanding how we use modules, and reduces the benefits we might gain from vendoring in the first place (if only some of our dependencies are properly vendored and up to date)

Solution

Remove vendored dependencies and rely on go modules (go.mod) to manage and download dependencies.

(Alternatively, get a full process in place to properly and regularly vendor all of our dependencies - either way, this PR proposes the former to at least start the ball rolling).

Notes

Go 1.13 will by default use a Google-run Go module proxy and checksum database which will attempt to cache public modules (see https://proxy.golang.org/). Although this won't store them forever, this could be a reasonable middle-ground that still helps alleviate some concerns about dependencies becoming unavailable.

If we wanted to use this module proxy we could also enable the use of it before updating to Go 1.13 (in this PR, for example).