Rewrite random number generator.

Rewrite random number generator.

New one has 32-byte state s, produces output x by splitting 64-byte
ChaCha20_s(0) into 32-byte halves s' and x and replacing the state by
s'.

I added two alternate implementations of flo:random-unit, one which
samples real numbers uniformly from [0,1] and rounds them to
floating-point numbers, and one which samples real numbers uniformly
from (2^{-emin - p - 1}, 1 - ulp(1)/4) and rounds them to
floating-point numbers.  The latter is wrong for various reasons but
it is closer to what we historically provided, so it is what we use
for now.

I removed the fallback in case get-entropy (/dev/urandom) fails,
which means this won't work on Windows until someone teaches the
microcode to call CryptGenRandom there, and won't work in a chroot
unless someone teaches it to use getentropy(2) or getrandom(2) or
whatever.

If this causes any problems, feel free to back out this commit --
aside from refusing to fall back to getting `entropy' from the clock
and having a different export format, this is intended to be a
drop-in replacement for the old random.scm (hence the recent tests),
so if I made a mistake just back it out, let me know what went wrong,
and I'll add more tests before re-merging it.