Investigate Tor client retry behavior on failing onions

An attacker can cause a Tor client to create many circuits by continuously serving a broken/failing onion over and over again.

We should investigate how many circuits a Tor client is willing to setup for an onion with a non-existent descriptor, or an onion that is unwilling to rendezvous, and see if this is a security issue.