circ: We can pick an active circuit that is marked for close

The issue lies in when we detach cicuits from the cmux.

The function circuitmux_get_first_active_circuit() returns the first active circuit from the given cmux (attached to the channel).

But, when we mark for close a circuit, we don't detach it from the cmux, it is only done "before free" so the result is that cmux->policy->pick_active_circuit() can return a marked for close circuit then a cell is dequeued from it and sent on the wire.

In my experimentation, I only saw END, DROP and TRUNCATED relay commands being sent on the wire from a marked for close circuit. Thus, I don't think that is currently such a big problem but still, not that good I would say.

We should assume that from the time the circuit is marked for close, nothing should go outbound on it from that point on.

Possible solution would be to detach the circuit from the cmux when marked for close or make the active circuit function ignore closed circuit.

Not sure at this point about backport.