New dependencies in juju-core

[Ian Booth]

> At the very least we should give that code a very thorough vetting,
> and I think it would probably be best to pull it directly into gwacl
> so that that unknown third party can't compromise the security
> of juju by simply updating their source code.
> 

Hmmmm. If only Go had dependency management/versioning and didn't just
arbitrarily pull everything from tip. WCPGW

/me runs for cover...