A private key cannot be more than the curve's order, so don't risk generating a random number that will be an invalid key.
Setting the proper upper bound makes it unnecessary to then test that the point is valid and potentially raise an error. We should have at the very least retried in a loop until the rand integer is in the correct range.
Depends on D16677
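
The two approaches the message contrasts, as an added example (not code from this revision or the project): drawing directly from the valid range versus drawing a fixed-width integer and retrying. The secp256k1 order is an assumption, since the message does not name the curve, and all function names are hypothetical.

```python
import secrets

# Assumption: secp256k1 group order; the commit message does not name the curve.
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def is_valid_private_key(d, order=SECP256K1_ORDER):
    """A scalar is usable as a private key only if 1 <= d < order."""
    return 1 <= d < order


def generate_bounded(order=SECP256K1_ORDER):
    """Draw uniformly from [1, order - 1]; valid by construction, no check needed."""
    return secrets.randbelow(order - 1) + 1


def generate_with_retry(order=SECP256K1_ORDER, rand_bytes=secrets.token_bytes):
    """Rejection sampling: draw fixed-width integers until one is in range.

    Returns (key, attempts). rand_bytes is injectable (hypothetical hook) so the
    retry path can be exercised with a scripted byte source.
    """
    width = (order.bit_length() + 7) // 8
    attempts = 0
    while True:
        attempts += 1
        d = int.from_bytes(rand_bytes(width), "big")
        if is_valid_private_key(d, order):
            return d, attempts


def invalid_fraction(order=SECP256K1_ORDER):
    """Fraction of fixed-width draws that an unbounded generator gets wrong."""
    width_bits = 8 * ((order.bit_length() + 7) // 8)
    invalid = (2 ** width_bits - order) + 1  # values >= order, plus zero
    return invalid / 2 ** width_bits


if __name__ == "__main__":
    key = generate_bounded()
    print("bounded key valid:", is_valid_private_key(key))
    print("unbounded 256-bit draw invalid with probability:", invalid_fraction())
```

Both generators return a uniform key; the bounded one simply has no failure path to handle.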