Meta: Audit public dependencies

[seanmonstar]

As part of reaching hyper 1.0, we need to audit the "public" dependencies to make sure that:

• We actually mean for that dependency to be exposed.
• The dependency is stable.

This list might be incomplete, but currently has:

• http must reach 1.0
• http-body must reach 1.0
• Make tracing an unstable feature #3319
• bytes must be 1.0
• Tokio 1.0 or remove for hyper::io traits

[hawkw]

I think the Tokio 1.0 checkmark should be checked off, given that Tokio's io traits are stable :)