LCE: Don't play dice with random numbers
Posted Nov 21, 2012 18:45 UTC (Wed) by hpa (guest, #48575)
In reply to: LCE: Don't play dice with random numbers by etienne
Parent article: LCE: Don't play dice with random numbers
Therefore, the VMM needs to make the kernel aware that it has been cloned, and make sure the pool diverges from its clone. This can be done by injecting a unique token into the entropy pool of each of the kernel clones as well as setting the entropy count to zero via RNDZAPENTCNT.
This doesn't require any kernel changes but requires a way for the VMM to communicate with the guest and make it do so. The other option is that we add an interface to the (guest) kernel to make it possible for the VMM to do so "from underneath", without invoking guest user space.
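The guest user-space route described in the comment above, as an added example that is not part of the original comment or of any project's code: a helper that mixes a VMM-supplied token into the pool and then zeroes the entropy count with RNDZAPENTCNT. How the token reaches the guest is an assumption (here it is passed as `argv[1]`), and the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>   /* RNDZAPENTCNT */

/* Write the whole token to the pool device. A plain write mixes the
 * bytes in without crediting any entropy. Returns 0 or -errno. */
int mix_token(int fd, const unsigned char *tok, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, tok, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted: retry the write */
            return -errno;
        }
        if (n == 0)
            return -EIO;            /* no progress: avoid spinning */
        tok += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Set the entropy count to zero. Needs CAP_SYS_ADMIN. Returns 0 or -errno. */
int zap_entropy_count(int fd)
{
    return ioctl(fd, RNDZAPENTCNT) < 0 ? -errno : 0;
}

/* Full sequence for one clone; dev is normally "/dev/random". */
int diverge_from_clone(const char *dev, const unsigned char *tok, size_t len)
{
    int fd = open(dev, O_WRONLY);
    if (fd < 0)
        return -errno;
    int rc = mix_token(fd, tok, len);
    if (rc == 0)
        rc = zap_entropy_count(fd);
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    /* Assumption: the VMM delivers the per-clone token as argv[1]. */
    if (argc != 2) { fprintf(stderr, "usage: %s <token>\n", argv[0]); return 2; }
    int rc = diverge_from_clone("/dev/random", (const unsigned char *)argv[1], strlen(argv[1]));
    if (rc < 0) fprintf(stderr, "reseed failed: %s\n", strerror(-rc));
    return rc < 0;
}
```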