Stop requiring the caller to supply `AuthClient`s.

• Add an encode-decode test for descriptors with client auth.

  This adds a test for an encode -> decode -> encode flow for a hidden service descriptor with client authorization enabled.

• Use constants instead of magic numbers.

• Stop requiring the caller to supply AuthClients.

  AuthClients were originally meant to represent parsed auth-client lines. In !1070 (merged), this struct was repurposed for representing individual authorized clients in the HS descriptor encoder. However, hidden services will likely use a list of public keys to represent the authorized clients rather than a list of AuthClients, as the information from an AuthClient (client_id, iv, encrypted_cookie) likely won't be immediately available to the hidden service.

  This change updates the HS descriptor encoder to represent authorized clients as a list of curve25519::PublicKeys. As such, it is now the responsibility of the encoder to create the client_id, iv, and encrypted_cookie using the available keys, the unencrypted descriptor cookie, and HS subcredential.