Detect relays that don't update their onion keys every 7 days.

This is related to legacy/trac#20055 (moved) which would be an important thing to monitor for the health and security of the network.

There are multiple things here that can be or should be checked.

The onion-key field is an RSA key so DocTor will need to keep a persistent database of those over time (only used for TAP handshake).

The ntor-onion-key field also can be monitored the same as the RSA key.

If the ntor-onion-key-crosscert field is present, you'll get a timestamp for free in the certificate which should have the exp_field set to the last published time + 7 days.

In any case, a router SHOULD NOT have either a TAP or ntor onion key more than 7 days as this is hardcoded in Tor. If they do, it could be another implementation but finding them would be good so we can warn/ask them to fix. Or better, detect bugs as well on tor implementation that could keep those for a longer time.