Use SecureRandom instead of Random #1133
I've looked into this a bit, and I no longer think there is any direct vulnerability here. The cache poisoning exploit requires that there is malicious code controlling the WebSocket client. Since this is a Java library, any code controlling this client is typically already running with full Java privileges and can do whatever it wants on the user's computer. There might be a situation, though, where a user of this library sends unobscured data (without using JSON or base64) obtained from a malicious source (like someone implementing a web browser using this library, which is in practice very unlikely). Either way, this PR should be merged, just to follow the advice in the spec, but as far as I understand, the masking mechanism is primarily for web browsers.
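The masking mechanism the comment refers to, as an added example that is not part of this PR or of the project's code: a fresh 4-byte masking key drawn from SecureRandom and the RFC 6455 section 5.3 XOR masking applied to a frame payload (the class and method names here are mine, and the payload is a constructed sample).

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

/**
 * Added example (not Java-WebSocket's own code): client-side masking of a
 * WebSocket frame payload as described in RFC 6455 section 5.3, with the
 * 4-byte masking key drawn from SecureRandom rather than java.util.Random.
 */
public final class MaskingExample {

    // java.util.Random is a seeded linear congruential generator: anyone who
    // observes a few masking keys can recover its state and predict the next
    // ones, which removes the unpredictability masking relies on. The spec
    // asks for a key from a strong source of entropy, i.e. a CSPRNG.
    private static final SecureRandom RNG = new SecureRandom();

    /** Fresh 4-byte masking key; the spec requires a new key for every frame. */
    public static byte[] newMaskingKey() {
        byte[] key = new byte[4];
        RNG.nextBytes(key);
        return key;
    }

    /** XOR payload byte i with key[i mod 4]; applying it twice restores the payload. */
    public static byte[] mask(byte[] payload, byte[] key) {
        if (key.length != 4) {
            throw new IllegalArgumentException("masking key must be exactly 4 bytes");
        }
        byte[] out = new byte[payload.length];
        for (int i = 0; i < payload.length; i++) {
            out[i] = (byte) (payload[i] ^ key[i % 4]);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample payload: attacker-looking plaintext that masking
        // keeps from appearing verbatim on the wire.
        byte[] payload = "GET /index.html HTTP/1.1".getBytes(StandardCharsets.US_ASCII);
        byte[] key = newMaskingKey();
        byte[] masked = mask(payload, key);
        byte[] unmasked = mask(masked, key);
        System.out.println("round trip ok: " + Arrays.equals(payload, unmasked));
        // Consecutive frames must not share a key; with a CSPRNG a collision
        // is vanishingly unlikely.
        System.out.println("keys differ: " + !Arrays.equals(key, newMaskingKey()));
    }
}
```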
Related Issue
Fixes #1132
How Has This Been Tested?
Connect to a remote server.