Refactor circuit_build_failed to separate build vs path failures

We should not give up on the network, our TLS conn, or our guard in the event of path failures (which can happen if we're low on mds, and/or if the user set a bunch of path-restricting torrc options).

I think this might want to be a backport. It should also handle #25347 (moved).

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information