Occasionally the CI/CD workflows will fail because the PKCE verifier is less than 43 characters (required by the spec). This can happen if the random number selected is too low, resulting in an encoded byte array that has too few characters.

This is fixed here by ensuring a minimum value for the BigInteger.

Effectively it changes the range from [0 - 2^256) to [2^256 - 2^257) so the generated byte array is always sufficiently long.

Imagine that the random number generator selects the number 250 -- this will be packed into a single octet and the entropy of the validator will be too low. This way, there will always be at least 32 octets.