Hash PRNG output before use, so that it's not revealed to the network
In a review of prop250, ioerror suggests that we should hash raw random values before revealing them to the network.
https://lists.torproject.org/pipermail/tor-dev/2015-November/009954.html
This avoids an attack similar to the one that broke Dual EC: http://projectbullrun.org/dual-ec/ext-rand.html
I have a patch for this, I need to clean it up to merge cleanly on top of #17686 (moved).