"why is there even a random number generator in a cpu's microcode?"
Convenience. It's cheaper and easier to have it there than to have to include RNG hardware externally.
"It would make more sense to me for OS or better yet the security software to have an RNG."
Software cannot produce random numbers, only pseudorandom numbers. In practice, with the proper pRNG algorithm, that can be good enough -- but you still want at least one actual random number to seed the pRNG.
"This could tend to make it more difficult for unwanteds to gain access to the device."
That would make it easier, really.