Do not enable CookieAuthentication by default
A use pointed out that Mullvad suggests disabling CookieAuthentication
.
I think they're right: we will enable CookieAuthentication
when needed (i.e., the user asked for it via environment variables), and in general, from man tor
(emphasis mine):
CookieAuthentication 0|1
If this option is set to 1, allow connections on the control port when the connecting process knows the contents of a file named "control_auth_cookie", which Tor will create in its data directory. This authentication method should only be used on systems with good filesystem security. (Default: 0)