v0.14.1 RNG / stack protector fixes

Fixes a security issue where the stack protector is not properly initialized. Stack protector is now initialized using a proper rng at boot time and this patch improves how our rng is seeded, now requiring rdrand or rdseed instructions as entropy sources to be present at boot by default, unless this requirement is explicitly disabled.

Huge thanks to Spencer Michaels and Jeff Dileo of NCC Group who first reported this issue and to Jeff who helped us come up with this patch set.