Make sure clients almost always use ntor

Update: All clients should use ntor for almost everything The only exceptions are during the hidden service protocol. Client to intro and hidden service to rendezvous should still be able to use TAP.

isis asks in #1744 (moved):

 // XXXprop#188 Why do we not care if it's ntor if it's only one hop?

I think it's because one-hop circuits were originally used only for directory fetches, which are authenticated by signature (and not private).

But with RSOS, maybe we should require all one-hop paths to have ntor. I need to talk to a cryptographer about this.

See the populate_cpath function for details.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information