Use cryptographic PRNG with `WithRandSource` option

[lthibault]

I just realized that WithRandSource maps onto crypto/rand, not math/rand.

Wazero is quite strict about not letting guest code make syscalls, so the value defaults to a (deterministic) stub. We definitely want to provide guests with crypto-grade entropy, so two questions:

1. What is the benefit (if any) of providing per-instance/isolated random readers?
2. If there is a benefit, how can we implement a stand-alone io.Reader that is suitable for crypto? (Maybe a stream cipher seeded with crypto/rand?)

[lthibault]

cc #103

[lthibault]

https://security.stackexchange.com/questions/86430/linux-kernel-entropy-does-it-matter-to-dev-urandom-and-what-is-a-minimum#86432

This has reassured me that there is no risk in sharing crypto/rand.Reader across many processes, at least from an entropy-depletion point of view.

At this point, I'm not certain why the Wazero folks have decided not to provide crypto/rand.Reader by default. I should make it a point to ask them.