Draft: Add HS client key manager sketch.

This is a first attempt at defining an API for the HS client key manager.

• the client key manager (HsClientKeyMgr) lives in the new tor-keymgr crate. Future versions of this crate will also expose HsServiceKeyMgr, which will be used by services to manage client auth keys
• the tor-hsclient::keys module is moved to tor-keymgr::keys (to avoid a circular dependency between tor-hsclient and tor-keymgr)
• TorClient now contains a HsClientKeyMgr for retrieving client auth keys
• arti-client has some new *Config types for configuring a HsClientKeyMgr that uses either the legacy storage format or the current one (TBD what the current one looks like)

Part of #728 (closed).