The weight generation code also was cleaned up (and now can support
generating distributions that look like what ScrambleSuit does as
a compile time change).

Per: http://www.keithschwarz.com/darts-dice-coins/

The old way was biasted towards the earlier values.  Thanks to asn for
pointing this out and suggesting an alternative.

As an additional tweak, do not reuse the drbg seed when calculating the
IAT distribution, but instead run the seed through SHA256 first, for
extra tinfoil goodness.

All of the obfs4 code except unit tests now uses the csrand wrapper
routines.

It will vary per bridge as it is based off the DRBG, but ever attempt
at poking at any given bridge will exhibit consistent behavior.

 * HMAC-SHA256 -> HMAC-SHA256-128.
 * Mark/MAC are now both caluclated using Public Key | NodeID.

This breaks wire protocol compatibility.

This also adds the drgb-seed option to the `-gen` obfs4proxy output.

This paves the way for having servers use the same seed for all
incoming connections, across multiple startup/shutdown cycles.  As
opposed to the current situation where each Obfs4Listener will
randomly generate it's seed at creation time.

Additionally, use 256 bit seeds (128 bit SipHash-2-4 key + 16 bytes of
initial material).

The same algorithm as ScrambleSuit is used, except:
 * SipHash-2-4 in OFB mode is used to create the distribution.
 * The system CSPRNG is used when sampling the distribution.

This fixes most of #3, all that remains is generating and sending a
persistent distribution on the server side to the client.