mosquitto: security bump to version 1.5.4

mosquitto: security bump to version 1.5.4

>From the announcement:

When using a TLS enabled websockets listener with require_certificate
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed.  All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this.

https://mosquitto.org/blog/2018/11/version-154-released/

Drop patch 0001, now applied upstream:
https://github.com/eclipse/mosquitto/pull/933

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>