Provide torrc option to kill hidden service circuits after $TIMEOUT, $NUM_BYTES, or guard changes.
HTTP hidden services and other short-lived protocols do not need to keep their circuits open very long. Somewhere between 10min and 1 hour ought to be plenty. Since long-lived circuits are a vector for guard discovery (see legacy/trac#22728 (moved)), we should provide a torrc option to set a max hidden service circuit lifetime.
Note that making this timeout too low effectively enables new forms of legacy/trac#20212 (moved), so we should err towards an hour for the timeout here until that fix is landed.