Please incorporate support for PKCS#11 tokens (or a program that can talk to them) for onion services

Hi,

It would be nice if a key for an onion service could be safeguarded on a hardware token, or if Arti would talk to a program like ssh-agent that could use them. My personal interest is that I want to use my Curve25519 OpenPGP key which is on my OpenPGP smartcard to also run my onion service. That way, since the public keys are the same, folks can say with certainty that my onion site corresponds to me and my OpenPGP key.

Using PKCS#11 allows a variety of certificate stores or cryptographic tokens to be used, and makes my "Monkeyspherian punning" of other public key types into onion public keys possible.