Thanks for the valuable feedback - it looks like testing for randomness is much harder than taking additional precautions in case of a failing system-level PRNG.
Interesting discussion in another thread (emphasis mine):
You're better off concatenating and then hashing the concatenation to the needed size. XORing is not a good idea. To see why, consider which of these is safer (where | is concatenation).
1) XOR(SHA256(X), SHA256(X))
2) SHA256(X | X)
The former is zero no matter what X is. The latter is safe so long as X is safe.
Now, consider this. X and Y are fairly random but, due to a broken PRNG, only differ in a few bits. Which is safer:
1) XOR(X, Y)
2) SHA256(X | Y)
The former can be insecure even if both X and Y are secure alone because all the common bits drop out. (2) is at least as strong as the stronger of X alone or Y alone.
So asking the user for additional random input (the "Y", for instance by "randomly" banging the keyboard for 100 characters) seems to do no harm, at least, and could prevent catastrophic failures that hit many users at the same time and allow for time to react (key rotation, etc.).
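The two comparisons in the quoted thread, as an added worked example (this is not code from the original post or the thread it quotes). It simulates a broken PRNG whose outputs differ in only a few bits, then shows that XOR leaves only those few bits standing while concatenate-then-hash keeps a full-width digest, and that XORing a hash with itself is identically zero. Two things here are my own choices, not the thread's: the simulated broken PRNG is a constructed deterministic stand-in, and the hash combiner length-prefixes each input before hashing (plain `X | Y` is ambiguous about where X ends when the parts are not fixed-width).

```python
import hashlib
import secrets
from typing import Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR requires equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def combine_by_xor(*parts: bytes) -> bytes:
    """The XOR combiner the thread warns against: common bits cancel out."""
    out = parts[0]
    for p in parts[1:]:
        out = xor_bytes(out, p)
    return out


def combine_by_hash(*parts: bytes) -> bytes:
    """Concatenate-then-hash combiner. Each part is length-prefixed before
    hashing (an assumption added here, not in the quoted thread) so that
    (X, Y) and (X', Y') with the same concatenation cannot collide."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def popcount(b: bytes) -> int:
    """Number of set bits; used as a crude measure of what survived an XOR."""
    return sum(bin(x).count("1") for x in b)


def xor_of_same_hash(x: bytes) -> bytes:
    """Case (1) of the first comparison: XOR(SHA256(X), SHA256(X))."""
    d = hashlib.sha256(x).digest()
    return xor_bytes(d, d)


def broken_prng_pair(seed: bytes, flipped_bits: int) -> Tuple[bytes, bytes]:
    """Constructed stand-in for a broken PRNG: two 32-byte 'random' outputs
    that differ in exactly `flipped_bits` bit positions. Deterministic from
    `seed` so the behaviour is reproducible; 37 is coprime to 256, so the
    flipped positions are distinct for flipped_bits < 256."""
    x = hashlib.sha256(b"broken-prng:" + seed).digest()
    y = bytearray(x)
    for i in range(flipped_bits):
        pos = (i * 37) % (len(y) * 8)
        y[pos // 8] ^= 1 << (pos % 8)
    return x, bytes(y)


def seed_from_sources(system_bytes: bytes, user_input: bytes) -> bytes:
    """Mix system randomness with extra user-supplied input (the 'Y' in the
    post) the way the thread recommends: hash the concatenation. A weak or
    repeated second input cannot cancel the first one, as it could under XOR."""
    return combine_by_hash(system_bytes, user_input)


if __name__ == "__main__":
    x, y = broken_prng_pair(b"demo", flipped_bits=3)
    print("bits left after XOR(X, Y):", popcount(combine_by_xor(x, y)))
    print("XOR(SHA256(X), SHA256(X)) is zero:", xor_of_same_hash(x) == bytes(32))
    print("SHA256(X | Y) differs from SHA256(X | X):",
          combine_by_hash(x, y) != combine_by_hash(x, x))
    print("seed with user input:",
          seed_from_sources(secrets.token_bytes(32), b"asdfjkl;asdfjkl;").hex())
```

The point the numbers make: with X and Y differing in three bits, `combine_by_xor(x, y)` is a 256-bit value of which only three bits are set, so an attacker who knows the PRNG's defect has almost nothing left to guess, whereas `combine_by_hash(x, y)` is still a full 32-byte digest that an attacker must invert or brute-force through whichever of X or Y they do not know.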