Bump crypto version

[sdhull]

Describe the bug I don't think that tusd uses crypto/ssh (and is therefore not really subject to this CVE) however from a static analysis standpoint it'd be nice if we could pull in a version of this library that isn't flagged as vulnerable.

I'm not super familiar with golang, so not sure how hard this is to do, as this is a dependency of a dependency.

To Reproduce See https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-551923