Don't set a harvest_mask by default.
It is a bad idea and does not keep up with additions to the harvesting sources.
Otherwise 'harvest_mask' is yet another thing that has to be kept in sync with
Do not depend on r324394's random_check_uint_harvestmask()'s disallowing
userspace modification (e.g., disabling by '511') of pure entropy sources.
That is, forcing a policy on all users instead of letting them dictate policy.
Instead this should be wrapped by raised securelevel or MAC deemed it so.
[We intend to submit that change, since that would allow policy to dictate what
should be allowed.]