Masking is not cryptographically secure

[danielgrad]

The random number generator used for masking frames is not cryptographically secure:

https://github.com/dart-lang/web_socket_channel/blob/3db86bc0a09e1038a0fa418262c8a92211c5de69/lib/src/copy/web_socket_impl.dart#L28
https://github.com/dart-lang/web_socket_channel/blob/3db86bc0a09e1038a0fa418262c8a92211c5de69/lib/src/copy/web_socket_impl.dart#L508-L514

This is a security concern (CWE-331), and deviates from RFC 6455 section 10.3:

Clients MUST choose a new masking key for each frame, using an
algorithm that cannot be predicted by end applications that provide
data. For example, each masking could be drawn from a
cryptographically strong random number generator.

[brianquinlan]

This has been fixed in dart:io for over 7 years but it looks like the change never made it here despite the last import being 6 years ago.