Use hidden service client authorization

[special]

Ricochet could use tor's client authorization feature to gain more control over who can connect to the hidden service.

Benefits:

• Prevents enumeration/probing of Ricochet users by HS directories (more effectively than #102)
• Contact requests could be (temporarily) disabled, without affecting existing contacts
• Old contact request addresses could be revoked by generating a new cookie
• Contacts could be removed and blocked by revoking their cookie
• Control over who can initiate rendezvous!

Potential issues:

• This feature is not often used and not well tested in tor
• Not currently supported by the new ADD_ONION control API
• Contact addresses are longer (but this happens with prop 224 anyway; only a matter of time)
• Ricochet services' descriptors are more distinguishable, because they use this rare feature
• Anyone can estimate the rough number of contacts (to multiples of 16)
• Anyone with the onion address can still estimate availability by watching descriptors

I think this is worth exploring, mostly for the resistance to denial of service/guard/other attacks from non-contacts, and for the control over allowing outside connections for contact requests.

[ghost]

Not currently supported by the new ADD_ONION control API

https://github.com/micahflee/onionshare/issues/144#issuecomment-268737310