Use insecure built-in PRNG on Windows (no other options available)
There are currently performance problems with using
openssl_random_pseudo_bytes() on Windows servers with the latest
versions of PHP 5.3. Thus, with no other options available, we have to use
PHP's built-in insecure PRNG for generating nonces/passwords/etc. The
1.3.x branch of MantisBT introduced changes to the way MantisBT gathers
entropy from PHP's internal MT PRNG so it should still be a little bit
more secure than MantisBT 1.2.x.
Linux/BSD platforms should still be able to use either
openssl_random_pseudo_bytes() or /dev/urandom to generate strong random
numbers and thus we don't allow a fallback to the insecure built-in
PRNG on these platforms.
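The source-selection policy the commit describes, as an added example that is not MantisBT's own code: try a strong source first, and permit the weak built-in fallback only on Windows and only when the caller opts in (function and parameter names are assumptions).

```php
<?php
// Added example, not MantisBT code. Returns $length random bytes, preferring
// cryptographically strong sources; on Linux/BSD it refuses to degrade.
function crypto_random_bytes( $length, $allow_weak_on_windows = false ) {
    // 0. PHP 7+ provides a CSPRNG directly (not available on the PHP 5.3 the commit targets).
    if( function_exists( 'random_bytes' ) ) {
        return random_bytes( $length );
    }

    // 1. OpenSSL, but only when it reports the output as cryptographically strong.
    if( function_exists( 'openssl_random_pseudo_bytes' ) ) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes( $length, $strong );
        if( $strong === true && strlen( $bytes ) === $length ) {
            return $bytes;
        }
    }

    // 2. /dev/urandom on Linux/BSD (absent on Windows). Loop because a device
    //    read may return fewer bytes than requested.
    if( is_readable( '/dev/urandom' ) && ( $fh = fopen( '/dev/urandom', 'rb' ) ) !== false ) {
        $bytes = '';
        while( strlen( $bytes ) < $length ) {
            $chunk = fread( $fh, $length - strlen( $bytes ) );
            if( $chunk === false || $chunk === '' ) {
                break;
            }
            $bytes .= $chunk;
        }
        fclose( $fh );
        if( strlen( $bytes ) === $length ) {
            return $bytes;
        }
    }

    // 3. Fail closed everywhere except Windows, and on Windows only when the
    //    caller explicitly accepts the insecure built-in MT PRNG.
    $is_windows = strtoupper( substr( PHP_OS, 0, 3 ) ) === 'WIN';
    if( !$is_windows || !$allow_weak_on_windows ) {
        throw new RuntimeException( 'No cryptographically strong random source available' );
    }
    $bytes = '';
    for( $i = 0; $i < $length; $i++ ) {
        $bytes .= chr( mt_rand( 0, 255 ) );
    }
    return $bytes;
}

// Usage: a 16-byte nonce as hex; the default refuses the weak fallback.
$nonce = bin2hex( crypto_random_bytes( 16 ) );
```

Log or alert when step 3 is reached so that a server silently running on the weak path is visible to operators.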