Add support for Commons-Lang's RandomUtils

This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and addtest cases checking the Apache random-number generators are interchangeable with the stdlib ones.

java/ql/test/query-tests/RangeAnalysis/A.java

@@ -1,3 +1,6 @@
+import java.util.Random;
+import org.apache.commons.lang3.RandomUtils;
+
 public class A {
   private static final int[] arr1 = new int[] { 1, 2, 3, 4, 5, 6, 7, 8 };
   private final int[] arr2;
@@ -194,4 +197,11 @@ public class A {
       }
     }
   }
+
+  static int m16() {
+    return A.arr1[(new Random()).nextInt(arr1.length + 1)] +  // BAD: random int may be out of range
+      A.arr1[(new Random()).nextInt(arr1.length)] + // GOOD: random int must be in range
+      A.arr1[RandomUtils.nextInt(0, arr1.length + 1)] + // BAD: random int may be out of range
+      A.arr1[RandomUtils.nextInt(0, arr1.length)]; // GOOD: random int must be in range
+  }
 }