Remove vendor dir #549
Description
To do so, we need to address the use cases it serves:
- It makes it obvious when we're increasing our binary size too much. We could do this with a GH PR check that adds a comment to the PR "binary size is now $X".
- It's easy-ish to scan our new dependencies and make sure they have OSS-compatible licenses. Likewise, a bot could call
go mod vendorand do some automated license checks, or at least print out a table with a link to the license for each dep (ideally highlighting new/changed deps). - It (ideally) confirms that the dependency versions in prod are the same as those tested by our CI. This is handled by
go.{mod,sum}; nothing to do.