Use CryptoRng instead of plain RngCore

[baloo]

This is meant to fix this TODO:
https://github.com/RustCrypto/elliptic-curves/blob/f0ae3ae87dc935e563eb40be8c07fbbc53875270/k256/src/arithmetic/scalar.rs#L194

[ebfull]

This seems like too strict of a bound to categorically place over all field implementations, since even in cryptography contexts there are legitimate situations where random field elements are needed but a cryptographically secure Rng is not necessarily needed or wanted -- I've ran into these situations before.

In this case I'm not sure why this bound is needed even to address the TODO in the k256 crate that I saw upthread.

[baloo]

I'm not sure I can judge whether that's required or not. cc @tarcieri

[tarcieri]

Yeah, the k256 issue can probably be solved by moving the actual RNG implementation to the Field::try_from_rng impl, then having Scalar::generate_vartime call Field::try_from_rng, which would allow Scalar::generate_vartime to bound on TryCryptoRng

[baloo]

Scalar::generate_vartime can't have a stricter bound than the Field::try_from_rng though.

[tarcieri]

I tried the change I was suggesting locally and it worked. Opened a PR: RustCrypto/elliptic-curves#1132

[tarcieri]

IMO this can be closed (I think we discussed it at one point in the past, but now I can't find it)

[baloo]

Ha right by reversing the call ><.