add OpenSSL warning exception and config const, #51

[tom--]

See Issue #5 and also hte discussion in #51

This branch isn't ready to merge but I needed to ask something before going on.

After writing this I found I'm not really happy with using a config const. It introduces the hazard of authoring code without knowing the value (easy mistake). It's hard to test (consts are set in PHPunit config). It's another global. And above all, it removes the caller's choice in the matter. For example, say you were writing a lib that uses some crypto that's just stupid without real randomness. The best you can do is test the const (if you remember to) and fail if it's true. Meanwhile, somewhere else in the project I might prefer OpenSSL's RNG over this. So I'm not sure the choice should be a global policy.

The options I can imagine at present

1. const, as in this PR
2. 2nd argument, e.g. string random_bytes ( int $length [, bool $allowOpenSsl = false ] )
3. additional functions, e.g. string random_bytes_risky ( int $length )
4. nothing and mention openssl_random_pseudo_bytes( $length, true ) in the exception doc

All horrible but I like 1. and 3. least. 4. is ok. 2. is probably best. But I don't have strong opinion and defer to others. Let me know what you like and I will proceed with this work.