Okay, I finally have some code that works! (attached)

I tested it by using `inotifywait -m /dev/urandom` [0] to see that
/dev/urandom was indeed being open and closed for writing when running
`herd {start, stop} urandom-seed`. If you can suggest a way to see
exactly what is being written to /dev/urandom, I would like to verify it
more fully.

If you test it, don't be surprised that the random-seed is empty the
first time you start the service. It is `touch`-ed at boot but filled
during shutdown.

The big caveat is that the only way I could make it work was to use the
old service API. I just couldn't figure out how to use the extensible
service API for a service that takes to arguments.

If this is a problem, then your help is wanted!

I also had to change the location of %random-seed-file from
/var/run/random-seed to /var/lib/random-seed, because /var/run is
cleared upon reboot. This is specified in the FHS standard [1]. Debian
puts it at /var/lib/urandom/random-seed.

[0] From the inotify-tools package

[1]
http://www.pathname.com/fhs/pub/fhs-2.3.html#VARRUNRUNTIMEVARIABLEDATA