Update libsignalservice to 2.13.0

- Eliminate the explicit spongycastle dependency. All access to
  primitives is done through the JCE interfaces now, which allows
  us to use a secure native-backed provider like conscrypt.

- Use conscrypt for our default security provider. This gives us
  fast TLS 1.2 and 1.3 support on all devices, even before they
  had platform support (like 4.4).

- Update minSdk to 18. Unfortunately the JCE interfaces for GCM
  primitives are JDK 7+ (!) only, which became supported by Android
  at 18.

src/org/thoughtcrime/securesms/attachments/AttachmentServer.java

@@ -4,10 +4,10 @@ package org.thoughtcrime.securesms.attachments;
 import android.content.Context;
 import android.net.Uri;
 import android.support.annotation.NonNull;
-import org.thoughtcrime.securesms.logging.Log;
 
-import org.spongycastle.util.encoders.Hex;
+import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.mms.PartAuthority;
+import org.thoughtcrime.securesms.util.Hex;
 import org.thoughtcrime.securesms.util.Util;
 
 import java.io.BufferedOutputStream;
@@ -52,7 +52,7 @@ public class AttachmentServer implements Runnable {
       this.attachment   = attachment;
       this.socket       = new ServerSocket(0, 0, InetAddress.getByAddress(new byte[]{127, 0, 0, 1}));
       this.port         = socket.getLocalPort();
-      this.auth         = new String(Hex.encode(Util.getSecretBytes(16)));
+      this.auth         = Hex.toStringCondensed(Util.getSecretBytes(16));
 
       this.socket.setSoTimeout(5000);
     } catch (UnknownHostException e) {