run some experiments with CAPTCHAs

As we are planning to phase out CAPTCHAs (#173 (closed)), can we run some experiments and see if they can be still effective?

We could either use the existing moat CAPTCHA API as we have some months until clients stop using it, or we could do it in the HTTPS distributor as soon as we have migrated it to rdsys (#2 (closed)).

There was a thread in the mailing list some years ago about this: https://lists.torproject.org/pipermail/tor-dev/2021-July/014604.html

We should explore the space and see what better options for CAPTCHAs exist now a days.