Implement support for reachable_addrs
This branch implements our first "guard filter": a configuration parameter that lets you tell arti that your firewall will only support connecting to certain address/port combinations. The default is `[ "*:*" ]`, of course. The most common value that people have used with C tor is `[ "*:80", "*:443" ]`.
There's a fair amount of plumbing that goes into making this feature work:
- In addition to implementing the filter itself, I needed to extend the behavior of guard filters so that they can also remove addresses from the `ChanTarget`s that we return for guards.
- We finally get support for having multiple independent `GuardSet`s. For now we only have two, but we will add support for a third when we build bridge support, and maybe for more beyond that. See guard-spec.txt for more info.
This patch builds on !568 (merged), which taught `GuardMgr` about `NetDirProvider`.
Closes #93 (closed).
Closes #491 (closed).
Edited by Nick Mathewson
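
The filtering behavior described above, as an added example that is not part of this merge request or of Arti's code: a reachable-address list is applied to a guard's advertised addresses, unreachable addresses are removed, and a guard left with no address is rejected. The names `Pattern`, `parse_filter` and `filter_addrs` are hypothetical, and the pattern syntax is assumed to be limited to `*` or a literal IP for the host and `*` or a single number for the port.

```rust
use std::net::{IpAddr, SocketAddr};

/// One entry of a reachable-address list such as "*:443" (simplified syntax, see lead-in).
/// `None` in either field stands for the "*" wildcard.
#[derive(Debug, Clone, PartialEq)]
struct Pattern { host: Option<IpAddr>, port: Option<u16> }

impl Pattern {
    fn parse(s: &str) -> Option<Pattern> {
        // Split at the last ':' so a bracketed IPv6 host like "[::1]:443" still works.
        let (host, port) = s.rsplit_once(':')?;
        let host: Option<IpAddr> = match host {
            "*" => None,
            h => Some(h.trim_start_matches('[').trim_end_matches(']').parse().ok()?),
        };
        let port: Option<u16> = match port { "*" => None, p => Some(p.parse().ok()?) };
        Some(Pattern { host, port })
    }

    fn matches(&self, a: &SocketAddr) -> bool {
        self.host.map_or(true, |h| h == a.ip()) && self.port.map_or(true, |p| p == a.port())
    }
}

/// Parse the whole list; one malformed entry rejects the configuration (fail closed)
/// instead of silently widening or narrowing the filter.
fn parse_filter(list: &[&str]) -> Option<Vec<Pattern>> {
    list.iter().map(|s| Pattern::parse(s)).collect()
}

/// Keep only the addresses the firewall allows. `None` means the guard has
/// no usable address left and must not be selected at all.
fn filter_addrs(filter: &[Pattern], addrs: &[SocketAddr]) -> Option<Vec<SocketAddr>> {
    let kept: Vec<SocketAddr> = addrs.iter().copied()
        .filter(|a| filter.iter().any(|p| p.matches(a)))
        .collect();
    if kept.is_empty() { None } else { Some(kept) }
}

fn main() {
    // Constructed sample guard: IPv4 on port 9001, IPv6 on port 443 (documentation ranges).
    let guard: Vec<SocketAddr> = vec![
        "192.0.2.10:9001".parse().unwrap(),
        "[2001:db8::1]:443".parse().unwrap(),
    ];
    let filter = parse_filter(&["*:80", "*:443"]).unwrap();
    println!("{:?}", filter_addrs(&filter, &guard));
}
```

With the `[ "*:80", "*:443" ]` value, the sample guard stays usable but only through its port-443 address, which is why the filter has to edit the address list and not just accept or reject the guard.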