We now check the handshake certificates unconditionally, and only
report them as _expired_ as a last resort.

(Rationale: if somebody is presenting the wrong identity from a year
ago, it is more interesting that they are presenting the wrong ID
than it is that they are doing so with an expired cert.

We also now report a different error if the certificate is expired,
but its expiration is within the range of reported clock skew.

(Rationale: it's helpful to distinguish this case, so that we can
blame the failure on possible clock skew rather than definitely
attributing it to a misbehaving relay.)

Part of #405.

NETINFO cells, which are sent in every handshake, may contain
timestamps.  This patch adds an accessor for the timestamp in the
Netinfo messages, and teaches the tor-proto code how to compute the
minimum clock skew in the code.

The computation isn't terribly precise, but it doesn't need to be:
Tor should work fine if your clock is accurate to within a few
hours.

This patch also notes a Y2038 problem in the protocol: see
torspec#80.

Part of #405.

These documents explain how to profile arti for CPU and memory, and
how to simulate different kinds of breakage and misconfiguration.

They aren't at all in their final form, but I figure it's useful to
check them in so that more people can look at them, and make
suggestions.

This should save around 1MB per consensus, since every relay has a
'protocols' lines, but there are only a few distinct possibilities
for such a line.

Closes #385.

When the version is a Tor version, we can just parse it; otherwise,
we can intern it.  This shrinks GenericRouterStatus and avoids a lot
of extra help allocations.

Make update_config only conditionally exported; add semver-status update.

Replace the recapitulation of TorClientConfig fields in ArtiConfig and
instead just have it contain one.  This is part of #374.

The conversions from ArtiConfig back to ArtiConfigBuilder and
TorClientConfigBuilder would need to change, but, since we don't want
them anyway,

No longer impl Deserialize for ArtiConfig.  (As per #371 this will
want to become a private type.)

No longer impl From<ArtiConfig> for ArtiConfigBuilder and
TorClientConfigBuilder.  And abolish tests of that code.

(This all has to be in one commit, because previously
ArtiConfig::tor_client_config used the validated-to-builder config
retcon.)

We perform this operation in a bunch of places, and most of them
use hex::decode().  That's not great, since hex::decode() has to do
heap allocation.  This implementation uses hex::decode_to_slice(),
which should be faster.

(In the future we might choose to use one of the faster hex
implementations, but I'm hoping that this change will be sufficient
to get hex decoding out of our profiles.)

Part of #377.

Previously they returned an Arc, which wasn't necessary unless the
client actually _wanted_ a new Arc.

This would be an API break, except that these functions are marked
'experimental-api', so semver does not apply; nonetheless I've noted
the break in semver_status.md, just in case we care.

Closes #369

Update all references.  There are three remaining hits for
  git-grep '\.py\b'
all of which are scripts in "little-t-tor", not here in arti.

As per #309

Update all references.  There is one remaining hit for
  git-grep '\.sh\b'
namely "build.sh" in maint/reproducible_build, which I think is
the build script for osxcross - ie, an external project.

This is a nice reminder to have before we solve arti#303 for good.

Part of #277