Make sure we could support intro-authentication if we wanted to

We should make sure our client authentication/authorization design is such that, if we eventually wanted to add client and service support for INTRODUCE2 authentication via the K_hsc_intro_auth keys, we could do so without really messing up our configuration.

Actually adding introduce2 authentication is not on the table for this milestone; C tor doesn't have it and AFAIK it isn't something people are asking for.

See discussion at !1557 (comment 2938353)

---

Additionally (same discussion) we should decide on our design for deciding whether to require authentication.