Harden default LUKS2 settings

Aaron Rainbolt requested to merge arraybolt/kpmcore:master into master

See https://discuss.kde.org/t/making-libkpmcores-luks2-settings-more-secure/21764 for rationale. tl;dr: the default settings for LUKS2 encryption in libkpmcore aren't as secure as they could be and it would be useful to strengthen them.

A breakdown of the added cryptsetup options:

  • --use-random: Uses /dev/random as an entropy source rather than /dev/urandom - this provides higher-quality entropy on some distros, and shouldn't have any substantial downsides on others.
  • --cipher aes-xts-plain64 - Ensures the strongest variant of aes-xts is used.
  • --hash sha512 - Ensures a very strong hashing algorithm for deriving a decryption key from a passphrase. The default in some distros is only sha256.
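
One way to confirm on an existing volume that the cipher and hash from the breakdown above took effect, as an added example that is not part of the merge request or kpmcore. The function names and the trimmed sample header text are constructed for illustration, and `--use-random` is not checked because the entropy source is not recorded in the header.

```shell
#!/bin/sh
# Added example (not kpmcore code): audit LUKS2 header text from
# `cryptsetup luksDump` for the cipher and hash this merge request requests.

# Reads dump text on stdin, prints one line per setting, and returns 0 only if
# the data-segment cipher is aes-xts-plain64 and the digest hash is sha512.
check_luks_dump() {
    awk '
        function report(name, got, want) {
            if (got == want) { print "OK " name " " got; return 0 }
            print "MISMATCH " name " " (got ? got : "missing") " (expected " want ")"
            return 1
        }
        /^Data segments:/ { sect = "seg"; next }
        /^Digests:/       { sect = "dig"; next }
        /^[A-Za-z]/       { sect = "";    next }  # any other top-level heading
        sect == "seg" && $1 == "cipher:" { cipher = $2 }
        sect == "dig" && $1 == "Hash:"   { hash = $2 }
        END {
            bad = report("cipher", cipher, "aes-xts-plain64")
            bad += report("hash", hash, "sha512")
            exit (bad > 0)
        }
    '
}

# Constructed, trimmed luksDump text for a header formatted with the MR's options.
sample_hardened() {
    cat <<'EOF'
LUKS header information
Version:        2
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        Cipher:     aes-xts-plain64
        PBKDF:      argon2id
Digests:
  0: pbkdf2
        Hash:       sha512
EOF
}

# Constructed variant with the sha256 default the description mentions.
sample_default() { sample_hardened | sed 's/sha512/sha256/'; }

sample_hardened | check_luks_dump
sample_default  | check_luks_dump || true
# On a real system: cryptsetup luksDump /dev/<device> | check_luks_dump
```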
