Don't serve or accept hidden service descs over non-tunneled connections
rransom suggests that we enforce a rule that hidden service material can only be served or published over a tunneled connection. Though it isn't secret per se, it's always incorrect to receive it or send it unencrypted, and keeping it sent over Tor may reduce our attack surface slightly.
Seems worth merging.