refactor: Make SourceHub dep internal-only

[AndrewSisley]

Relevant issue(s)

Resolves #2962

Description

I was mostly curious if this will make the vuln checker go green (it doesn't, it just reports it from our internal acp package now), but it is a good change anyway IMO to avoid embedded Go client users from having to directly import the dependency.

[codecov]

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 79.25%. Comparing base (af15a33) to head (5e87f31).
Report is 1 commits behind head on develop.

Files	Patch %	Lines
cli/start.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #2963      +/-   ##
===========================================
- Coverage    79.28%   79.25%   -0.03%     
===========================================
  Files          326      326              
  Lines        24768    24768              
===========================================
- Hits         19635    19628       -7     
- Misses        3715     3719       +4     
- Partials      1418     1421       +3     

Flag	Coverage Δ
all-tests	79.25% <50.00%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
keyring/signer.go	80.95% <ø> (ø)
node/acp.go	79.17% <100.00%> (ø)
cli/start.go	43.70% <0.00%> (ø)

... and 13 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af15a33...5e87f31. Read the comment docs.

[shahzadlone]

Change LGTM even if doesn't fix vul checker. I wish a silencing feature was there golang/go#61211