The SockJs protocol spec states the following:

As browsers don't have a good entropy source, the server must help with that. Info url must supply a good, unpredictable random number from the range <0; 2^32-1> to feed the browser.

Our SockJs server implementation uses java.util.Random to generate the source of entropy handed to clients. One could argue that this source of entropy is not strong/secure enough. Clients should not use this value directly to generate a session id, but could rather use it as a seed for a pseudo-random generator; such generators are equivalent to java.util.Random and are not "cryptographically safe" anyway.

In practice, the SockJs JavaScript client has never used this source of entropy; it uses the browser crypto API instead, which is safe. Our own SockJsClient does not use this source of entropy either.

While this has no concrete effect on known clients, we should still provide a stronger source of entropy for clients and use java.security.SecureRandom instead.
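The two variants side by side, as an added illustration rather than the server's own code: a hypothetical helper that produces the `entropy` field of the `/info` response with java.util.Random (weak) and with java.security.SecureRandom (the proposed fix), mapping the generator's signed output into the spec's `<0; 2^32-1>` range. The other `/info` fields shown are constructed sample values.

```java
import java.security.SecureRandom;
import java.util.Random;

// Hypothetical helper (not Spring's own code) producing the "entropy" value
// the SockJS /info response carries: an unsigned 32-bit number in <0; 2^32-1>.
public final class SockJsInfoEntropy {

    // Weak variant: java.util.Random is a 48-bit linear congruential generator;
    // its output is not cryptographically strong, so it should not feed anything
    // a client might turn into a session identifier.
    private static final Random WEAK = new Random();

    // Hardened variant: SecureRandom draws from the platform CSPRNG.
    private static final SecureRandom STRONG = new SecureRandom();

    public static long weakEntropy() {
        return toUnsigned32(WEAK.nextInt());
    }

    public static long strongEntropy() {
        return toUnsigned32(STRONG.nextInt());
    }

    // nextInt() yields a signed 32-bit value; masking it into a long lands the
    // result in <0; 2^32-1> as the spec requires, never a negative number.
    static long toUnsigned32(int raw) {
        return raw & 0xFFFFFFFFL;
    }

    // Minimal /info body in the shape the spec describes (constructed sample fields).
    public static String infoJson(long entropy) {
        return "{\"websocket\":true,\"origins\":[\"*:*\"],"
             + "\"cookie_needed\":false,\"entropy\":" + entropy + "}";
    }

    public static void main(String[] args) {
        System.out.println(infoJson(strongEntropy()));
    }
}
```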