Allow CAs to use randomized serials when signing
Various guidelines suggest using randomized serial numbers when signing certificates, rather than using sequential numbers.
Add an option to CA entries (off by default) which will allow them to generate random serial numbers when signing for extra security.
The generated numbers must be tested against all known serials for a given CA to avoid accidentally duplicating a serial.
Move CA random serial option to upper section. Issue #9883
This allows it to be set when creating a new CA, so it doesn't have to
be edited in later.
Also show the next serial/random status in the CA info block
Hide trust store line from non-CA entries since it's not relevant to
certificates, only CAs.