crypto_strongest_rand() failures should be fatal(?)

Follow up from #17686 (moved).

We either trust OpenSSL's RAND_bytes(), or we don't. The existence/use of the call hints at the latter, so failing crypto_strongest_rand() should be fatal especially when doing Ed25519/Curve25519 key generation.