Update freetype to fix CVE?

[fschutt]

FreeType version 2.6, which webrender depends on on Linux had a heap buffer overflow has been found in the handling of embedded PNG bitmaps.

Since webrender links freetype statically (afaik) it would make sense to update the freetype dependency to fix this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

[jrmuizel]

I think it might make more sense to just make sure we always use the system freetype. i.e. drop the freetype-lib feature.