Single hop onion service denial of service issues

This is a parent ticket for all single hop anti-DoS mitigation we want to put in Tor. Not only that but it should be seen as "any client single hop" hidden service requests rather than tor2web specific.

Child tickets are really the meat of the work so anything related to this topic should have a child ticket and this parent ticket should not be used for discussions.