Encryption/decryption and signature checking for onion descriptors
As a follow-on or related issue to #683 (closed), we will neeed to encrypt/decrypt the inner part of an onion service descriptor using the correct keys, and validate signatures throughout.
See rend-spec-v3.txt
section 2.5.