Use a very cautious Rng for deriving longer-lived keys

Nick Mathewsonrequested to merge
nickm/arti:cautious_rng into main

This MR does several main things:

First, it introduces a "CautiousRng" which combines inputs from several sources, including OsRng, to minimize the likelihood of falling to a vulnerability in any particular one. (This is more than a bit paranoid, but it's what C Tor does.)

Second, it uses "CautiousRng" to generate any key that's going into a KeyMgr. (This is a close approximation to "any long- or medium-term key", though relays may want to consider some other keys "medium-term".)

(That part closes #1898 (closed).)

Third, it adds an "EntropicRng" marker trait to ensure that we don't accidentally use a weaker Rng when generating a managed key.

Merge request reports