channels: Fix integer overflow in generate_cookie().

Since the type of rnd[i] is signed char, (rnd[i] >> 4), which is
considered as arithmetic shift by gcc, could be negative, leading
to out-of-bounds read.

src/channels.c

@@ -1828,7 +1828,7 @@ int ssh_channel_request_sftp( ssh_channel channel){
 static ssh_string generate_cookie(void) {
   static const char *hex = "0123456789abcdef";
   char s[36];
-  char rnd[16];
+  unsigned char rnd[16];
   int i;
 
   ssh_get_random(rnd,sizeof(rnd),0);