hs: stop HSDirs being used as single-hop "proxies"
handle_post_hs_descriptor and handle_get_hs_descriptor_v3 should check that the connection is:
- encrypted, and
- not from a client (channel_is_client in 0.3.1.1-alpha and later correctly identifies unauthenticated peers, which are clients and bridges).
For HSv2, we should allow direct Tor2web client connections by default, but have a consensus parameter to turn them off. Direct service connections should always be refused,