Implements algorithm described in Appendix C of https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf

As a first draft, this is using the rand_core::OsRng to generate a random number in the range [2, n).
Obviously this should be replaced somehow. One option is to pass an impl of a PRNG as a parameter, but maybe there is a better solution...

Given that:

According to Fact 1 in [Boneh 1999], the probability that one of the values of y in an
iteration of Step 3 reveals the factors of the modulus is at least 1/2, so on average, at most
two iterations of that step will be required

and that:

• gcd(g, n) = 1 (if not we immediately found a factor of n and we've finished...)
• g^(ed - 1) = 1 (mod n) (e and d are valid RSA parameters and this property should hold)
• (e*d - 1) can be decomposed in odd and even factors: r * 2^t (with r odd)

The only requirement to succeed is to pick a g such that:

1. g^(r·k) = 1 (for 1<= k <= 2^t) <= this is always true when the assumptions above are true
2. g^(r·(k-1)) ≠ -1

These two requirements are why the probability to succeed with a random g is 1/2.
That is, given a sequence of g^z (0 <= z <= ed -1) that for sure ends up with 1 at some point we will catch -1 or 1.

If 2 doesn't hold ... we'll try with another g.

As an attempt to remove the dependency on a random num generator given the super high probability to catch a correct g, maybe we can remove at all the generation of g via a proper random number generator and set it to something "good enough" (e.g g = e · i, with i =1..100) or something like that...