The weight generation code also was cleaned up (and now can support
generating distributions that look like what ScrambleSuit does as
a compile time change).

Per: http://www.keithschwarz.com/darts-dice-coins/

The old way was biasted towards the earlier values.  Thanks to asn for
pointing this out and suggesting an alternative.

As an additional tweak, do not reuse the drbg seed when calculating the
IAT distribution, but instead run the seed through SHA256 first, for
extra tinfoil goodness.

All of the obfs4 code except unit tests now uses the csrand wrapper
routines.

The same algorithm as ScrambleSuit is used, except:
 * SipHash-2-4 in OFB mode is used to create the distribution.
 * The system CSPRNG is used when sampling the distribution.

This fixes most of #3, all that remains is generating and sending a
persistent distribution on the server side to the client.

On second thought instead of using log.Panicf(), panic() and do the
logging with recover().  This somewhat centralizes logging in
obfs4proxy, which will be easier to change when I invariably decide to
do logging differently in the future.

This adds preliminary support for data padding by adding another layer
of encapsulation inside each AEAD frame containing a type and length.
For now, data is still sent unpadded, but the infrastructure for
supporting it is mostly there.

Additionally, use log.Panic[f]() instead of panic through out the code
so that some panics are logged.

Like ScrambleSuit, a random interval between 1x and 5x of additional
data from the peer is read and immediately discarded before closing.

Additionally, obfs4 will close off invalid connections anywhere between
0 and 60 seconds after it determines that the incoming connection will
never complete the handshake successfully.