Implicit time range assumption breaks Tor in Shadow

There is an assumption in src/common/tortls.c:582 in tor_tls_create_certificate:

  time_t now = time(NULL);
  start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600;

The assumption is that now is greater than cert_lifetime, which does not hold in Shadow because Shadow timestamps start from 0. As a result, now - cert_lifetime is negative; that negative lower bound is passed into crypto_rand_time_range, where it is later converted to an unsigned int, wraps around (the underflow), and fails a bounds assertion.

This problem also exists in two other callers of crypto_rand_time_range:

  • add_an_entry_guard
  • entry_guards_parse_state
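The following is an added illustration of the arithmetic described in this ticket; it is not code from the Tor tree, and crypto_rand_time_range itself is not reproduced. The helper names (unsafe_range_min, as_unsigned, safe_range_min, time_range_is_sane, cert_start_time) are hypothetical, and the random draw is replaced by a caller-supplied offset so the result is reproducible. It shows the lower bound going negative when the clock starts near 0, what that negative time_t becomes once converted to an unsigned width, and a clamped variant of the caller that keeps the range sane.

```c
#include <limits.h>
#include <time.h>

/* Hypothetical helper: the original arithmetic from the ticket. It goes
 * negative whenever now < cert_lifetime, which is exactly the situation
 * in a simulator whose clock starts at 0. */
time_t unsafe_range_min(time_t now, time_t cert_lifetime) {
    return now - cert_lifetime;
}

/* Hypothetical helper: what a negative time_t becomes when it is converted
 * to an unsigned width. The value wraps to something huge, which is why a
 * downstream bounds assertion trips. */
unsigned int as_unsigned(time_t t) {
    return (unsigned int)t;
}

/* Hypothetical hardened variant: clamp the minimum at the epoch so the
 * lower bound handed on is never negative and never above now. */
time_t safe_range_min(time_t now, time_t cert_lifetime) {
    time_t min = now - cert_lifetime;
    if (min < 0)
        min = 0;
    if (min > now)   /* only reachable if now itself is negative; kept as a guard */
        min = now;
    return min;
}

/* Hypothetical check a caller can apply before handing [min, max] to any
 * routine that converts the bounds to an unsigned type. Returns 1 if sane. */
int time_range_is_sane(time_t min, time_t max) {
    return min >= 0 && max >= min;
}

/* Hypothetical caller in the shape of the ticket's snippet. The random pick
 * within [min, now] is replaced by `offset` reduced modulo the span, so a
 * test can predict the result; the +2 days matches the original expression. */
time_t cert_start_time(time_t now, time_t cert_lifetime, unsigned long offset) {
    time_t min = safe_range_min(now, cert_lifetime);
    time_t span = now - min;    /* >= 0 by construction of safe_range_min */
    time_t picked = min + (time_t)(span ? offset % (unsigned long)(span + 1) : 0);
    return picked + 2 * 24 * 3600;
}
```

With a one-year cert_lifetime and a simulated clock reading 1000 seconds, unsafe_range_min yields a large negative number while safe_range_min yields 0; with a realistic wall-clock value the clamped variant reduces to the original arithmetic, so the fix only changes behaviour in the case the ticket describes.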