use getrandom function #5851

Closed
mmeeks opened this issue Feb 14, 2023 · 4 comments · Fixed by #5897 or #6211
mmeeks commented Feb 14, 2023

This is an Easy Hack.
Potential mentors: @Ashod

Detailed description and rationale

Currently we need the capability CAP_MKNOD in order to create our jails - but we only use this to create /dev/random and /dev/urandom. There is however no need for these nodes on modern systems: https://lwn.net/Articles/711013/ suggests this is unnecessary - and we can detect and use 'getrandom' on Linux, and getentropy on BSD, which should use direct syscalls. That should let us drop this unnecessary capability.

Code pointers

git grep /dev/urandom # in online - and also in core.
git grep CAP_MKNOD

Hopefully not a horribly hard one. Quite probably we want to test hard vs. e.g. inserting https:// URLs to ensure our required openssl / nss etc. libraries can live without /dev/urandom and /dev/random.
Ashod commented Feb 24, 2023

Worth mentioning that we also need to test password-protected files and document signing, which both depend on /dev/[u]random to be available.

Ashod commented Feb 25, 2023

While getrandom() can replace /dev/[u]random on Linux, we still need to support non-Linux systems. So, the correct way to support this is to check in configure.ac for getrandom() and only then enable using it, via #ifdef compiler directives.

Basically, we need to add a check in configure.ac to see if getrandom() is available. If yes, then we need to define a compile-time directive (say, ENABLE_GET_RANDOM or something like that, compatible with the current naming convention) and in the code have #ifdef ENABLE_GET_RANDOM to use either getrandom() or the old code.

We cannot remove the old code, just yet.
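Added example (not Collabora Online code, and not from either commenter): one `fill_random()` built along the lines discussed in the issue description and in the comment above, using getrandom() on Linux, getentropy() on the BSDs, and the old /dev/urandom read only as a fallback. Assumptions: the `ENABLE_GET_RANDOM` / `ENABLE_GET_ENTROPY` macros are set here from platform macros for the sake of a self-contained build; in the real tree a configure.ac check (e.g. `AC_CHECK_FUNCS([getrandom getentropy])`) would define them. It also handles the edge cases each API has: getrandom() may return short for requests over 256 bytes, may be absent on kernels before 3.17 (ENOSYS), and getentropy() refuses more than 256 bytes per call.

```c
/* Added example (not Collabora Online code): fill_random() uses getrandom()
 * on Linux, getentropy() on the BSDs and /dev/urandom only as a fallback, so
 * a jail without device nodes still gets CSPRNG bytes. Assumption: the
 * ENABLE_GET_RANDOM / ENABLE_GET_ENTROPY macros are set from platform
 * macros here; in the real tree a configure.ac check would define them. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#if defined(__linux__)
#  define ENABLE_GET_RANDOM 1       /* what AC_CHECK_FUNCS([getrandom]) would yield */
#  include <sys/random.h>           /* getrandom(): glibc >= 2.25, musl, bionic */
#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
#  define ENABLE_GET_ENTROPY 1      /* what AC_CHECK_FUNCS([getentropy]) would yield */
#endif
#ifndef O_CLOEXEC
#  define O_CLOEXEC 0               /* pre-POSIX.1-2008 libc: no atomic CLOEXEC */
#endif

/* Old code path: the only one that needs the device node inside the jail. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    for (size_t got = 0; got < len; ) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {               /* error, or EOF which urandom never gives */
            close(fd);
            if (n == 0) errno = EIO;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fill buf with len CSPRNG bytes. Returns 0 on success, -1 (errno set) on
 * failure; a partially filled buffer is never reported as success. */
int fill_random(unsigned char *buf, size_t len)
{
#if defined(ENABLE_GET_RANDOM)
    for (size_t got = 0; got < len; ) {
        /* flags=0: block only until the pool is seeded at boot, then behave
         * like /dev/urandom. Short reads are legal above 256 bytes. */
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0 && errno == ENOSYS)   /* kernel < 3.17: syscall absent */
            return fill_from_urandom(buf, len);
        if (n < 0)
            return -1;
        got += (size_t)n;
    }
    return 0;
#elif defined(ENABLE_GET_ENTROPY)
    /* getentropy() refuses more than 256 bytes per call (EIO): chunk it. */
    for (size_t got = 0; got < len; ) {
        size_t chunk = len - got > 256 ? 256 : len - got;
        if (getentropy(buf + got, chunk) != 0)
            return -1;
        got += chunk;
    }
    return 0;
#else
    return fill_from_urandom(buf, len);
#endif
}

/* Which backend this build compiled in, for logging and tests. */
const char *random_backend(void)
{
#if defined(ENABLE_GET_RANDOM)
    return "getrandom";
#elif defined(ENABLE_GET_ENTROPY)
    return "getentropy";
#else
    return "/dev/urandom";
#endif
}

/* Smoke test: two 600-byte fills (above both the getrandom short-read and
 * the getentropy 256-byte limits) must succeed and must differ. 1 if ok. */
int self_test(void)
{
    unsigned char a[600], b[600];
    if (fill_random(a, sizeof a) != 0 || fill_random(b, sizeof b) != 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    printf("backend=%s self_test=%s\n", random_backend(), self_test() ? "ok" : "FAIL");
    return 0;
}
```

The point of keeping `fill_from_urandom()` reachable is the one made in the comment above: the device-node path cannot be dropped yet, but it should only be entered when the syscall is genuinely unavailable, so a jail built without CAP_MKNOD on a current kernel never touches it. A quick way to confirm that in practice is to run the binary under `strace -e trace=getrandom,openat` and check that no `/dev/urandom` open appears.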

Ashod commented Mar 17, 2023

The Linux side is now supported, thanks to #5897 and @bayramcicek. However, BSD is still missing, so will keep this open until we support BSD as well.

arrowd commented May 1, 2023

Thanks for not forgetting FreeBSD when adding new features!
