Support ORPort picking a random port that persists across restarts

A bridge's transport port and OR port are semi-secret. We don't want a bridge to listen on port 9001 because it would facilitate Internet-wide scanning: a censor could scan the entire IPv4 address space for port 9001 and block all bridges they discover this way. We therefore encourage operators to not set ServerTransportListenAddr, which makes Tor pick a random port and write it to its state file, so it persists across restarts. Bridge operators can then whitelist this port in their firewall configuration.

Bridge operators may welcome a similar option for ORPort. However, when setting ORPort to auto, Tor attempts to find a new port each time it starts. This means that operators would have to re-configure their firewalls after each restart.

In the short term, we should instruct operators to pick their own ports and explicitly set them for both ORPort and ServerTransportListenAddr but in the long term we may want ORPort to be able to pick a random port and save it to Tor's state file.