remove nested go.mod for verifier/contentsignature

This was causing surprises for devs making changes
in that package and hitting a variety of build
problems when they realized they hadn't updated
the top-level go.mod. And other hacks failed to be
kept up (see
#896 (comment) ).

The only external user of
verifier/contentsignature was the
mozilla-vpn-client and @oskirby (a maintainer of
it) tells us they've been using a rust version for
a while now. Clients also could just use the
autograph repo's versioning instead.

Can be confirmed with this search:
https://github.com/search?q=autograph%2Fverifier%2Fcontentsignature&type=code

go.mod

@@ -19,7 +19,6 @@ require (
 	github.com/mattn/go-colorable v0.1.4 // indirect
 	github.com/mattn/go-isatty v0.0.10 // indirect
 	github.com/miekg/pkcs11 v1.0.3
-	github.com/mozilla-services/autograph/verifier/contentsignature v0.0.0-00010101000000-000000000000
 	github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c
 	github.com/sirupsen/logrus v1.8.1
 	github.com/youtube/vitess v2.1.1+incompatible // indirect

vendor/modules.txt

@@ -146,9 +146,6 @@ github.com/miekg/pkcs11
 github.com/mitchellh/go-homedir
 # github.com/mitchellh/go-wordwrap v1.0.0
 github.com/mitchellh/go-wordwrap
-# github.com/mozilla-services/autograph/verifier/contentsignature v0.0.0-00010101000000-000000000000 => ./verifier/contentsignature/
-## explicit
-github.com/mozilla-services/autograph/verifier/contentsignature
 # github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c
 ## explicit
 github.com/mozilla-services/yaml