Remove go-crypto dependency for FIPS compliance

We have recently started pulling in the go-crypto package that is used to cryptographically sign commits. Unfortunately, go-crypto implements its own cryptographic primitives and is not FIPS-certified. As a consequence we're not allowed to use this library at all if we want things to be FIPS-compliant.

We need to remove this dependency and implement commit signing in an alternative way.