    Mark base::GenerateGUID as secure random · afab972d
    John Mellor authored
    It's commonly assumed that GUIDs generated by base::GenerateGUID are
    unguessable and will not collide, and this is in practice true since
    it's backed by base::RandBytes.
    
    The header for base::RandBytes did not guarantee being secure, but the
    implementations were all required to be cryptographically strong random
    number generators since crypto::RandBytes and base::UnguessableToken
    already both depend on base::RandBytes (see https://crbug.com/140076).
    
    This patch:
    
    - Marks base::GenerateGUID as secure in the code comments.
    
    - Migrates base::GenerateGUID from base::RandUint64 which is not
      guaranteed to be secure to base::RandBytes which is - see above.
      (It's not possible to migrate to crypto::RandBytes since that would
      introduce a circular dependency between base and crypto - see
      UnguessableToken::Create for a similar case).
    
    - Marks base::RandBytes as secure random in its header, but clarifying
      that code outside base/ that depends on it being secure should
      continue to use the crypto/ wrapper.
    
    - Cleans up some duplicated code in the implementations of
      base/rand_util_*.cc
    
    Bug: none
    Change-Id: I282bbd7d1883ba120c01280b941b9d7ecbef404c
    Reviewed-on: https://chromium-review.googlesource.com/678731
    
    
    Reviewed-by: Mark Mentovai <mark@chromium.org>
    Commit-Queue: John Mellor <johnme@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#504389}
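
Added example, not part of the commit and not Chromium's code: building a GUID from operating-system CSPRNG bytes, the unguessability property the commit message above documents for base::GenerateGUID. `SecureRandBytes`, `FormatGuidV4` and `GenerateGuidV4` are hypothetical names; the RFC 4122 version 4 layout and the use of /dev/urandom (Unix-like host) are assumptions of this sketch.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a secure byte source (not base::RandBytes).
// Assumes a Unix-like system exposing the kernel CSPRNG at /dev/urandom.
void SecureRandBytes(uint8_t* out, size_t len) {
  std::ifstream urandom("/dev/urandom", std::ios::binary);
  if (!urandom.read(reinterpret_cast<char*>(out),
                    static_cast<std::streamsize>(len)))
    throw std::runtime_error("CSPRNG unavailable");  // fail closed, no weak fallback
}

// Format 16 bytes as an RFC 4122 version 4 GUID. Six bits are overwritten
// (4 version bits, 2 variant bits), so 122 bits come from the byte source.
std::string FormatGuidV4(std::array<uint8_t, 16> b) {
  b[6] = static_cast<uint8_t>((b[6] & 0x0F) | 0x40);  // version nibble = 4
  b[8] = static_cast<uint8_t>((b[8] & 0x3F) | 0x80);  // variant bits = 10
  char buf[37];
  std::snprintf(
      buf, sizeof(buf),
      "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
      b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7], b[8], b[9], b[10],
      b[11], b[12], b[13], b[14], b[15]);
  return std::string(buf);
}

// Draw all 16 bytes in one call from the secure source, then format them.
std::string GenerateGuidV4() {
  std::array<uint8_t, 16> bytes{};
  SecureRandBytes(bytes.data(), bytes.size());
  return FormatGuidV4(bytes);
}

int main() {
  std::cout << GenerateGuidV4() << "\n";
  return 0;
}
```
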