Use external libsodium rather than carrying a copy in the tree.

The scary scenario we thus avoid is that a CVE is issued against libsodium
but the OS update doesn't fix the problem and users have no idea they're
vulnerable.  Avoiding this is worth accepting more build friction on some
older distros.