Use MiddleNodes torrc directive to protect Exit-traffic from guard discovery

[mikeperry-tor]

There are some vectors of guard discovery that exit nodes and malicious websites can use. In tor, we might want to chase these down individually rather than mess with our load balancing in this way. But for vanguards addon users who use Tor 0.4.0.x and above, we can set the MiddleNodes directive to use layer2 guards there instead, in pretty much exactly the same way as we use HSLayer2Nodes. As an added bonus, we wisely defined MiddleNodes to only apply to circuits for which HSLayer2Nodes does not apply to.

This won't be as strong of a defense as the full 3 layers of vanguards, but it will still help the situation, and exit traffic is less exposed to this risk anyway.

We can call it midguards, to both reference Tolkien, and to continue the fine and confusing tradition of naming all of our various sub-component defenses various after kinds of guards.

So we have all of that going for us, which is nice.

[mikeperry-tor]

Actually, maybe we want to use layer3 guards here instead. Because the client's exposure to a specific malicious websites should be of much shorter duration than a normal hidden service guard discovery attack, we can probably get away with much more middle nodes than layer2 nodes, and we should be able to rotate them faster. This should help with load balancing and performance.

Though we should not, of course, use the same exact layer3 nodes for this set. We should just pick them in the same way as we pick layer3.

[mikeperry-tor]

For completeness, these guards should be cleared whenever we see a 650 SIGNAL NEWMYM signal event, because there is a vanishingly small linkability risk by the exit node for users who are visiting the same site repeatedly within the rotation window, while also mashing "New Identity" repeatedly in their browser. This risk is almost small enough not to worry about, but it is easy enough to actually do something about since this event exists. So we might as well do it.

[mikeperry-tor]

Note: We are currently handling this by scanning on the Tor side, as well as potential tor fixes in the future. The scans we have are quite comprehensive for the vectors we are currently aware of, but there may be more, so I am leaving this opened.