Make NumEntryGuards configurable by the consensus

I plan to move clients to using 1 guard rather than 3. But I'd like to do that in a way that we can move them over as a group, once enough people have upgraded. I think that calls for a consensus param.

I shall call it NumEntryGuards.

And the controversial point is that I want to put it into 0.2.4.x as a security fix.

The timeline will be for some folks to upgrade, then we stick it in the consensus as NumEntryGuards=1, then when nothing explodes, we change the default-if-it's-not-in-the-consensus to 1, and eventually we don't need to set the consensus param anymore.