Trog::TOTP versions before 1.006 for Perl generate secrets using rand.

Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.