Remove vendor'd dependencies

[galund]

The following dependencies are still brought in via a _vendor directory:

• fixedsticky.js
• modernizr.js

Dependency management (including dependabot security checks) would be better if they could be brought in via npm and package.json.

When trying to do that, I got a bunch of JavaScript compilation errors from webpack, so this needs further investigation.