Migrate to Gradle's built-in dependency verification

This commit removes the use of our fork of the gradle-witness plugin in
favor of Gradle's relatively new built-in dependency verification
feature [1].

The gradle/verification-metadata.xml file was produced using the
following command:

    ./gradlew --write-verification-metadata sha256 build

Where `build` is the usual `gradle build` command. All dependency
configurations are resolved this way, and written out to the file.

The resulting file contains 273 unique dependency declarations, as
compared to just 64 in our now-removed gradle-witness.gradle file. This
means that the coverage of dependencies verified is much more complete.

The new file contains the same sha256 checksums for each dependency as
the old file. This was manually spot-checked for a significant number of
the dependencies.

Like with gradle-witness, builds will break when dependencies are
upgraded (and now also when they are added). To fix these breakages, the
`--write-verification-metadata sha256` option must be provided to the
build. Note that new entries will be added for upgraded depedencies, but
old entries are not removed automatically from the file. These must be
removed manually.

[1]: https://docs.gradle.org/current/userguide/dependency_verification.html

build.gradle

@@ -9,7 +9,6 @@ buildscript {
         classpath 'com.google.gradle:osdetector-gradle-plugin:1.6.0'
         classpath 'com.github.jengelman.gradle.plugins:shadow:5.2.0'
         classpath 'org.openjfx:javafx-plugin:0.0.10'
-        classpath files('gradle/witness/gradle-witness.jar')
         classpath 'org.springframework.boot:spring-boot-gradle-plugin:2.5.6'
     }
 }
@@ -456,8 +455,6 @@ configure(project(':cli')) {
 configure(project(':desktop')) {
     apply plugin: 'com.github.johnrengelman.shadow'
     apply plugin: 'org.openjfx.javafxplugin'
-    //apply plugin: 'witness'
-    //apply from: '../gradle/witness/gradle-witness.gradle'
     apply from: 'package/package.gradle'
 
     javafx {