build(deps): update signatory requirement from 0.12 to 0.16

[dependabot-preview]

Updates the requirements on signatory to permit the latest version.

Changelog

Sourced from signatory's changelog.

[0.16.0] (2019-10-29)

• Use the ecdsa crate (#178)
• Upgrade to zeroize 1.0 (#176)
• Upgrade to signature and ed25519 crates v1.0.0-pre.1 (#177)

[0.15.0] (2019-10-11)

• signatory-dalek: Upgrade ed25519-dalek to 1.0.0-pre.2 (#173)
• Upgrade to signature and ed25519 crates v1.0.0-pre.0 (#172)

[0.14.0] (2019-10-10)

• Always use the alloc crate for String/Vec (#170)
• Upgrade to signature crate v0.3, ed25519 crate v0.2; MSRV 1.36+ (#169)

[0.13.0] (2019-08-11)

• Update ring to v0.16; secp256k1 to v0.15 (#167)
• Remove toplevel signature re-exports; add encoding::Error (#166)
• Use ed25519::Signature from the ed25519 crate (#165)

[0.12.0] (2019-06-07)

• Use the signature crate (#160, #161)

[0.11.5] (2019-06-04)

• Upgrade to zeroize 0.9 (#158)

[0.11.4] (2019-05-20)

• Support stable alloc API (#154)
• Upgrade to zeroize 0.8 (#153)

[0.11.3] (2019-03-13)

• Fix Missing TrailingWhitespace type-case in subtle-encoding error conversion (#149)

[0.11.2] (2019-03-09)

• ecdsa: impl PartialOrd + Ord for PublicKeys (#147)
• ecdsa: Simplify trait bounds for Copy impl on curve point types (#146)

[0.11.1] (2019-02-23)

• ecdsa: impl Copy + Hash for ECDSA curve points and public keys
  (#143, #144)

[0.11.0] (2019-02-12)

... (truncated)

Commits

• 8607966 v0.16.0
• b11d7d6 Merge pull request #178 from tendermint/ecdsa-crate
• 2208af2 ecdsa: Use the ecdsa crate
• 6930dd4 Merge pull request #176 from tendermint/zeroize/1.0
• fb7a840 Upgrade to zeroize 1.0
• 261c2df Merge pull request #177 from tendermint/signature/v1.0.0-pre.1
• d994a66 Upgrade to signature and ed25519 crates v1.0.0-pre.1
• 394f340 Merge pull request #175 from tendermint/ci/add-back-audit
• eaebd58 .circleci: Add back audit step
• 734c2d4 Merge pull request #174 from tendermint/v0.15.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[ebuchman]

@dependabot recreate

[tarcieri]

@ebuchman this update needs some code changes. I moved some things out of signatory's toplevel into other crates/modules, e.g. signatory::Signature => signatory::signature::Signature

[ebuchman]

Ok thanks will look into it more carefully!

[tarcieri]

@ebuchman a good first step would be to delete the Secret Connection code now that I moved it back to KMS (#27). That should also eliminate the dependency on ring so you can close #21 (and #11 )

[tarcieri]

zeroize (#47) and subtle-encoding (#48) need to be bumped at the same time as this

[liamsi]

manual changes were done in #80

[dependabot-preview]

Looks like signatory is up-to-date now, so this is no longer needed.