Use crypto.randomInt for unbiased random character selection

Co-authored-by: yuki-takei <1638767+yuki-takei@users.noreply.github.com>

apps/app/src/server/models/user.js

@@ -124,10 +124,9 @@ const factory = (crowi) => {
     let password = '';
     const len = 12;
 
-    const randomBytes = crypto.randomBytes(len);
     for (let i = 0; i < len; i++) {
-      const randomPoz = randomBytes[i] % chars.length;
-      password += chars.substring(randomPoz, randomPoz + 1);
+      const randomIndex = crypto.randomInt(0, chars.length);
+      password += chars[randomIndex];
     }
 
     return password;