Started on this in rt46047:

> > 1) when built with --enable-crypto-rand, "crypto" is used instead of
> >    "openssl" or "pkcs11" to indicate use of the crypto library random
> >    number generator

Instead of "crypto", I decided "random-device none;" or leaving the -r option
blank would specify the default behavior.

> > 2) when built with --enable-crypto-rand, random-device defaults to
> > "crypto"

The default in config.c is now "none" when built with crypto-rand

> > 3) when overridden with -r or the random-device option, crypto-rand
> > is
> >    fully disabled, and a file source is used in its place.

"Fully disabled" is not the case -- openssl still uses its own
built-in entropy source. On further thought, this is probably fine, but
also note...

> > 5) improve comments and write some developer doc that does a better
> >    job explaining how the RNG/PRNG functions interrelate

In the ARM we need to be very clear about *exactly* what behavior
changes when specifying the -r or random-device options.