Move object ID, token, and random string generation into their own
module, cryptoUtils.
Remove hat dependency, which was used to generate session and some other
tokens, because it used non-cryptographic random number generator.
Replace it with the cryptographically secure one. The result has the
same format (32-character hex string, 128 bits of entropy).
Remove randomstring dependency, as we already have this functionality.
Add tests.
