Implement a new certificate serial number strategy (part of proposal 179)
We currently put time(NULL) in our certificate's serial numbers, which is not a good idea.
Proposal 179 says to put 8 random bytes as the serial numbers of our new certificates. It seems like a sane choice.
(Also see #4570 (moved) for another prop179 serial number trick which did make it in.)