remove pinning of versions

[drewwells]

Code that templates out applications with no migration path should
not pin versions. It invariably leads to code that stagnates on
outdated versions of tools.

Removed the masking of makefile output. It provides little value
and makes it harder to debug what make is doing.

[kd7lxl]

👍

[kd7lxl]

I don't think there's any value to go mod download after go mod tidy/vendor. It will already have downloaded all the modules.

[kd7lxl]

This doesn't lead to reproducible builds.

An alternative approach that would keep versions from going stale but also support reproducible builds would be to add a .github/dependabot.yml to the templates. Edit: implemented in #90

[drewwells]

We should always be fixing bugs on the latest versions of dependencies. Dependabot PR would just fail/get ignored and continue the current process of creating apps on old versions of tools.

[drewwells]

Since go has been maintaining backwards compatibility for a decade, the only errors I expect to get here are with go test linting rules. Those find bad code so the risk here is quite low while the upsides are high.

[daniel-garcia]

the problem with removing the version is that it becomes ambiguous as to which version we are using. Tracing it back to a build would be a PITA. Perhaps we can write a build rule that would check what the latest release is and fail to build unless the user updates it. In any case, let's remove this change and deal with it in a separate PR.