First cut of circuit isolation support

eta requested to merge eta/circuit-isolation-v1 into main
  • This adds in support for isolating streams in onion-tunnel, by refactoring the protect function into a more generically useful TunnelScaffolding trait and generic type parameter, and adding an isolate method to that.
    • This required making the parser spit out the source and destination tuples, since smoltcp won't know this information at the time we start the proxy (since it hasn't gotten the SYN yet).
    • As an unrelated bonus: we set the optimistic flag on Arti streams now, speeding up the start of connections (since we can start sending data through Tor immediately rather than waiting for an acknowledgement).
  • onionmasq-mobile then implements isolate in its scaffolding, calling out to the getConnectionOwnerUid function.
    • Note that this function failing to return a result will now abort connections, as a safety measure to prevent things accidentally escaping isolation.
    • This function, despite not being used yet (from what I can tell), worked perfectly in my tests!

Closes #30 (closed). Requires !58 (merged) to be of much use, since the optimistic flag now makes the race condition fixed by that MR basically always lose.
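
A sketch of the fail-closed isolation behaviour described in this merge request, as an added example that is not code from onion-tunnel or onionmasq-mobile. The `Scaffolding` trait, `UidTable` and `CircuitPool` are hypothetical stand-ins for the real types, and the flows and UIDs are constructed.

```rust
use std::collections::HashMap;
use std::net::SocketAddr;

type Flow = (SocketAddr, SocketAddr); // (source, destination) as emitted by the packet parser

/// Hypothetical stand-in for the scaffolding trait; the real signature is not on the page.
pub trait Scaffolding {
    /// Owner UID for a flow, or None when the platform lookup fails.
    fn isolate(&self, flow: Flow) -> Option<u32>;
}

/// Constructed lookup table standing in for a getConnectionOwnerUid-style call.
pub struct UidTable(pub HashMap<Flow, u32>);
impl Scaffolding for UidTable {
    fn isolate(&self, flow: Flow) -> Option<u32> { self.0.get(&flow).copied() }
}

/// Toy circuit pool: one circuit id per owner UID, never shared across UIDs.
#[derive(Default)]
pub struct CircuitPool { by_uid: HashMap<u32, usize> }

impl CircuitPool {
    /// Returns the circuit id for the flow, or None to abort (fail closed):
    /// an unknown owner never falls back to a shared or default circuit.
    pub fn assign<S: Scaffolding>(&mut self, s: &S, flow: Flow) -> Option<usize> {
        let uid = s.isolate(flow)?;
        let next = self.by_uid.len();
        Some(*self.by_uid.entry(uid).or_insert(next))
    }
}

/// Runs four constructed flows to one destination and returns each decision.
pub fn demo() -> Vec<Option<usize>> {
    let dst: SocketAddr = "192.0.2.10:443".parse().unwrap();
    let src = |port: u16| -> SocketAddr { format!("10.0.0.2:{}", port).parse().unwrap() };
    let table = UidTable(HashMap::from([
        ((src(40000), dst), 10123), // app A
        ((src(40001), dst), 10456), // app B
        ((src(40002), dst), 10123), // app A again
    ]));
    let mut pool = CircuitPool::default();
    [40000, 40001, 40002, 40003] // 40003 has no known owner
        .iter()
        .map(|p| pool.assign(&table, (src(*p), dst)))
        .collect()
}

fn main() {
    println!("{:?}", demo());
}
```

Two apps reaching the same destination land on different circuits, a second flow from the same app reuses its circuit, and the flow with no resolvable owner is aborted instead of being proxied.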
