relay: Overload state for DNS timeout error should be done after X% failure

We currently get into an overload state if an Exit only hits once a DNS timeout error which is way too low. Lets get into an overload state only if we have 1% of all our DNS requests end up timing out.

To do this properly, we should accumulate DNS requests for some time (or some number of requests) before assessing if we've reached the X% threshold. And we should use a timeframe before assessing a certain threshold.

After discussing with @mikeperry on IRC, we think doing consensus parameters controlling X% over Y minutes would be the way to do this. And we can set the defaults to X=1 and Y=10 for a 1% DNS errors over 10 minutes.

And every, 10 minutes, that total number of DNS requests needs to be reset so previous period don't affect the subsequent periods.

We need to backport this to 0.4.6 else we'll have a big problem on the network where almost all Exits will start reporting overload state once they migrate to 0.4.6+

Edited Oct 18, 2021 by David Goulet

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information