Bump crypto version #786

Closed
sdhull opened this issue Aug 10, 2022 · 2 comments
@sdhull

sdhull commented Aug 10, 2022

Describe the bug
I don't think that tusd uses crypto/ssh (and is therefore not really subject to this CVE) however from a static analysis standpoint it'd be nice if we could pull in a version of this library that isn't flagged as vulnerable.

I'm not super familiar with golang, so not sure how hard this is to do, as this is a dependency of a dependency.

To Reproduce
See https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-551923

@sdhull sdhull added the bug label Aug 10, 2022
@Acconut
Member

Acconut commented Sep 9, 2022

To be honest, I am not an expert with Go dependencies. I tried to follow the steps in https://medium.com/@majdasab/how-to-upgrade-an-indirect-dependency-in-golang-988751f92a6e to require a version of crypto that fixes this issue, but the Go toolchain always overwrites my changes. So maybe we already use a new enough version. But I personally do not know how to tackle this.
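The procedure the comment above is attempting (raising the minimum version of an indirect dependency and finding out which version the build actually selects) as an added example; it is not part of this issue thread or of tusd's code. The program checks the output of `go list -m all`, which lists the version minimal version selection (MVS) picks for every module in the build, against a fix threshold and prints the `go get` command that raises the minimum when the selected version is too old. The `sampleGoList` text is constructed for the example and is not tusd's real dependency graph, and `assumedFixedIn` is a placeholder for the first fixed version named in the advisory, not a value taken from this page.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// sampleGoList is constructed sample output of `go list -m all` for a hypothetical
// main module (example.com/app); it is not tusd's real dependency graph.
const sampleGoList = `example.com/app
github.com/example/storage v1.4.0
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10
golang.org/x/text v0.3.7 => golang.org/x/text v0.3.8
`

// assumedFixedIn is a placeholder for the first version containing the fix
// (an assumption for this example); substitute the version the advisory names.
const assumedFixedIn = "v0.0.0-20200220183623-bac4c82f6975"

// ModuleReport describes one module's selected version relative to a fix threshold.
type ModuleReport struct {
	Path     string
	Selected string // version MVS selects; "" if the module is absent from the graph
	Fixed    bool   // Selected is at or above the fix threshold
	Command  string // command that raises the minimum when Fixed is false
}

// parseVersion splits "v1.2.3", "v1.2.3-beta.1" or a pseudo-version such as
// "v0.0.0-20200220183623-bac4c82f6975" into numeric parts and a pre-release suffix.
func parseVersion(v string) (nums [3]int, pre string, ok bool) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexByte(v, '+'); i >= 0 {
		v = v[:i] // build metadata never affects precedence
	}
	if i := strings.IndexByte(v, '-'); i >= 0 {
		pre, v = v[i+1:], v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return nums, "", false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return nums, "", false
		}
		nums[i] = n
	}
	return nums, pre, true
}

// compareVersions orders two module versions the way semver and the go command do:
// numeric major.minor.patch first, and a pre-release sorts below the plain version
// it precedes. Go pseudo-versions are pre-releases of their base version and carry a
// fixed-width UTC timestamp, so comparing the suffix lexicographically orders
// pseudo-versions that share a base. Returns -1, 0 or 1.
func compareVersions(a, b string) int {
	an, ap, aok := parseVersion(a)
	bn, bp, bok := parseVersion(b)
	if !aok || !bok {
		return strings.Compare(a, b) // unparseable input: fall back to a stable order
	}
	for i := 0; i < 3; i++ {
		if an[i] != bn[i] {
			if an[i] < bn[i] {
				return -1
			}
			return 1
		}
	}
	switch {
	case ap == bp:
		return 0
	case ap == "":
		return 1
	case bp == "":
		return -1
	}
	return strings.Compare(ap, bp)
}

// CheckModule finds modulePath in `go list -m all` output and compares the version the
// build actually selects with fixedIn. A "=> path version" suffix means a replace
// directive is in effect, and the replacement version is what gets compiled.
func CheckModule(goListOutput, modulePath, fixedIn string) ModuleReport {
	r := ModuleReport{Path: modulePath}
	for _, line := range strings.Split(goListOutput, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != modulePath {
			continue
		}
		r.Selected = f[1]
		if len(f) >= 5 && f[2] == "=>" {
			r.Selected = f[4]
		}
		break
	}
	if r.Selected == "" {
		return r // not in the build graph, so never compiled into the binary
	}
	r.Fixed = compareVersions(r.Selected, fixedIn) >= 0
	if !r.Fixed {
		// `go get path@version` adds or raises the require line (tagged // indirect when
		// nothing in the main module imports the module directly); MVS then selects that
		// version because it always picks the highest minimum any module in the graph asks for.
		r.Command = fmt.Sprintf("go get %s@%s && go mod tidy", modulePath, fixedIn)
	}
	return r
}

func main() {
	for _, m := range []string{"golang.org/x/crypto", "golang.org/x/text"} {
		r := CheckModule(sampleGoList, m, assumedFixedIn)
		fmt.Printf("%-22s selected=%q fixed=%v %s\n", r.Path, r.Selected, r.Fixed, r.Command)
	}
}
```

The value to look at is the selected version, not the line in go.mod: if you hand-edit a require line to a version lower than the one MVS already selects, `go mod tidy` rewrites it back to the selected version, which is what "the toolchain overwrites my changes" looks like, whereas a higher version is kept and becomes the new minimum. `go mod why -m golang.org/x/crypto` shows which dependency pulls the module in. This check is version-only; whether the vulnerable package is actually reachable from the binary is a separate question, which is what `govulncheck ./...` answers.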

@sdhull
Author

sdhull commented Sep 12, 2022

@Acconut thank you so much for looking into this. I've also chatted with golang folks at my company, and it sounds like this is not really possible (and is a widespread issue in the go ecosystem). I'm going to close this for now. Thanks again for looking into it ❤️

@sdhull sdhull closed this as completed Sep 12, 2022