Supply chain security: do a deep dependency review, remove deps

[paulmillr]

There needs to be done a deep review of cryptography usage. Even though you're saying you're using scure/bip39 for mnemonics, it is not the case for every other feature.

1. why is crypto-browserify used? It is a very big module and its parts haven't been maintained for >= 5 years. potentially vulnerable to stuff
2. why is bignumber.js used? There are native bigints.
3. ethereumjs-wallet v1.0.2 is outdated, it's using old / bad cryptography
4. ethers v5 uses outdated, old / bad cryptography

All keyring and sdk modules must also be investigated.

[vvvvvv1vvvvvv]

Sure, need some time to check them, will reply in next week

[EroticKlaxon]

Sure, need some time to check them, will reply in next week

It's next week, how we doin?