Should I drop dbo from the database role db_owner?

Don't worry about it, as J.D. says.

In fact, you cannot drop dbo from db_owner. There's a hard-wired blocker in the engine prohibiting you to do so. Try and you get the error:

Msg 15405, Level 16, State 1, Line 1
Cannot use the special principal 'dbo'.

It sounds like the vulnerability audit tool you use just always flags whenever a User, is mapped to the db_owner role, which in this case is the default dbo.

I believe there has to always be one db_owner of a database and as previously mentioned dbo is the default. So you won't be able to change this without first setting another User as the db_owner, which will get flagged by your audit anyway.

All things considered, this isn't the end of the world to leave as the default, as you can disable the Login associated with the dbo User.