Drop vendored safedialer package (#26)

Recomend using https://github.com/mccutchen/safedialer instead.

README.md

@@ -27,21 +27,27 @@ Canonicalization is optimized for URLs that are shared on social media.
 
 ## Security
 
-**TL;DR: Use `safedialer.Control` in the transport's dialer to block attempts
-to resolve URLs pointing at internal, private IP addresses.**
+**TL;DR: Use [`safedialer.Control`][safedialer] in the transport's dialer to
+block attempts to resolve URLs pointing at internal, private IP addresses.**
 
 Exposing functionality like this on the internet can be dangerous, because it
 could theoretically allow a malicious client to discover information about your
-internal network by asking it to resolve URLs pointing at private IP addresses.
+internal network by asking it to resolve URLs whose DNS points at private IP
+addresses.
 
 The dangers, along with a golang-specific mitigation, are outlined in Andrew
 Ayer's _excellent_ ["Preventing Server Side Request Forgery in Golang"][blog]
 blog post.
 
 To mitigate that danger, users are **strongly encouraged** to use
-`safedialer.Control` as the `Control` function in the dialer used by the
-transport given to `urlresolver.New`.
+[`safedialer.Control`][safedialer] as the `Control` function in the dialer used
+by the transport given to `urlresolver.New`.
+
+See [github.com/mccutchen/urlresolverapi][] for a productionized example, deployed at
+https://urlresolver.com.
 
 [Thresholderbot]: https://thresholderbot.com/
 [purell]: https://github.com/PuerkitoBio/purell
 [blog]: https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golangs
+[safedialer]: https://github.com/mccutchen/safedialer
+[github.com/mccutchen/urlresolverapi]: https://github.com/mccutchen/urlresolverapi/blob/7e1a30fc0a5f8/cmd/urlresolverapi/main.go#L120-L128