Eliminate "silent-drop" side channels in Tor protocol

There are lots of ways to inject data into Tor streams, and this is a vector of attack for guard discovery and confirmation ("DropMark" attack): https://petsymposium.org/2018/files/papers/issue2/popets-2018-0011.pdf

I have a branch that tries to eliminate a pile of these from a while ago, but it has lots of false positives due to the common occurrence of invalid stream IDs in practice (see #25573 (moved)). https://gitweb.torproject.org/mikeperry/tor.git/log/?h=timing_sidechannel_fix-squashed1

I think we may want to do #25573 (moved) before trying to merge that branch.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information