tor-hsservice: Add watcher for restricted_discovery config changes

This MR adds support for live-reloading the restricted discovery config (#1505 (closed)).

It implements roughly what is described in doc/dev/notes/restricted-discovery-reloads.md.

It has 2 parts:

• a refactoring that extracts the FileWatcher from arti/src/reload_cfg.rs.
• descriptor publisher support for #1505 (closed). The publisher now uses the usual config reconfigure() mechanism to watch for changes in the restricted_discovery.static_keys, and FileWatcher to watch for changes in the restricted_discovery.key_dirs

The publisher changes are unfortunately untested, because MockRuntime isn't able to handle code that spawns threads and communicates with them via async facilities (this is one of its known, documented limitations). I will need to somehow extract the config change handling logic of the publisher in a separate component, and test that in isolation (I want to do that as a follow-up to this MR).

Questions for the reviewer

1. Does it make sense to put the file_watcher in tor-config, or should it have its own crate?
2. The TODO above FileWatcher says it should be tested and its API should improve a lot before we make it public. I have slightly tweaked its API and tested its event handler, but I don't feel like the API is necessarily improved. I do think, however, that it is small and self-contained enough to be a good starting point for our future file watching needs (I also think it is OK for it to be pub). Do you agree it is in a good enough state to be made public?

Closes #1505 (closed)