🛡️ Sentinel: [HIGH] Fix Insecure Randomization

[thirdeyenation]

🚨 Severity: HIGH
💡 Vulnerability: The codebase used the non-cryptographic random module (Mersenne Twister) to generate security-sensitive values, including the root SSH password fallback, agent session IDs, and general application GUIDs. This predictable pseudo-random number generator could allow an attacker to predict generated secrets or identifiers if they can observe enough output to derive the seed state.
🎯 Impact: Attackers could potentially predict future SSH root passwords, hijack agent sessions by guessing IDs, or spoof internal GUIDs.
🔧 Fix: Replaced all vulnerable usages of random.choices with the cryptographically secure secrets.choice generator.
✅ Verification: Ran python compiler checks and the test suite to ensure existing behavior and character distributions remained functionally identical but securely sourced.

---

PR created automatically by Jules for task 16251309627248897490 started by @thirdeyenation

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.