It looks like dependabot couldn't update golang.org/x/crypto
automatically to fix the  CVE-2022-27191:

https://github.com/coredns/coredns/discussions/5403#discussion-4099726

This PR manually fix the dependency.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>