StrongSocksIsolation option (w/ virtual circuits?)
For tor browser security and usability, it would be nice to have an option that instructs Tor to try harder with SocksIsolation. In particular, if this is set, Tor should not retry any stream requests on new circuits once a circuit is successfully used. This will prevent guard discovery attacks from working against the browser (see legacy/trac#13669 (moved) and https://trac.torproject.org/projects/tor/ticket/7870#comment:18).
Additionally, if this value is set, TrackHostExits should also follow the socks username and password isolation. In other words, Tor should track the exits used by hostnames independently for each socks username+password. This would allow us to re-implement legacy/trac#13766 (moved) and legacy/trac#9442 (moved) using TrackhostExits instead of MaxCircuitDirtiness (which will mean less idle circuits staying open on relays, taking up memory).