Tor should deprecate insecure cookie auth

control-spec.txt points out that normal cookie auth represents a security risk for clients.

The Tor daemon should either stop accepting insecure cookie auth entirely, or should log when a client uses insecure cookie auth.