safelogging should cover hidden service name and intro-points too

In log messages about a hidden service we operate, we don't replace the hidden service name with [scrubbed].

Historically, this was considered fine, because you have your hostname and private_key files on disk already.

But if the user puts his $datadir on encrypted storage, and the logs aren't on encrypted storage, then the logs could be the weak link.