Make Uint::random_mod() work identically on 32- and 64-bit targets

[fjarri]

The current version of Uint::random_mod() produces different results on 32- and 64-bit targets because it exhausts the byte stream differently if the number of bytes in modulus is not a multiple of 8 (e.g. if it is 20 bytes, the 32-bit version will read 20 bytes - 5 limbs, but the 64-bit version will read 24 bytes - 3 limbs). This PR makes the behavior identical, so that an RNG with the same seed will produce the same stream of Uints (as long as the RNG itself produces the bytestream consistently, of course).

I am not sure if that is actually a desired behavior, but I did bump into it when I generated a ZK proof challenge on a 64-bit and 32-bit clients, and expected them to be the same. If it is not a guarantee we want to provide, perhaps an explicit note in the docs will be helpful.

The code in this PR would be much simpler if I could use Uint::from_le_bytes(), but then I would have to add an Encoding bound.

[fjarri]

Not sure why the powerpc job failed, it has been queued for 20 minutes previously waiting for the job runner. I don't think I have the necessary permission to restart it.

[tarcieri]

Looks like a random GitHub Actions runner failure. I restarted it.