Use arc4random on Apple platforms

[snej]

util__random_bytes uses a cryptographic RNG if built with OpenSSL, or if running on Linux or Windows. If none of those apply it falls back to insecure random().

On Apple platforms, arc4random() is available as a cryptographic RNG.

This actually produces a warning from Xcode's static analyzer:

mosquitto/lib/util_mosq.c:268:38: warning: The 'random' function produces a sequence of values that an adversary may be able to predict.  Use 'arc4random' instead [security.insecureAPI.rand]
                ((uint8_t *)bytes)[i] = (uint8_t )(random()&0xFF);
                                                   ^~~~~~

[snej]

Here's a patch:

diff --git a/lib/util_mosq.c b/lib/util_mosq.c
index fda69801f4a827dff47eb5b6ec7c9e474a2693ae..598f3315192476ab3978917da3d7cdbf39aa786c 100644
--- a/lib/util_mosq.c
+++ b/lib/util_mosq.c
@@ -38,6 +38,10 @@ Contributors:
 #  endif
 #endif
 
+#if !defined(WITH_TLS) && defined(__APPLE__)
+#include <stdlib.h>  /* for arc4random() */
+#endif
+
 #ifdef WITH_TLS
 #  include <openssl/bn.h>
 #  include <openssl/rand.h>
@@ -261,6 +265,9 @@ int util__random_bytes(void *bytes, int count)
 	}
 
 	CryptReleaseContext(provider, 0);
+#elif defined(__APPLE__)
+    arc4random_buf(bytes, count);
+    rc = MOSQ_ERR_SUCCESS;
 #else
 	int i;