ExitPolicy should apply to already established outbound connections (with a config option, off by default)

To reduce the impact of tor running out of free TCP source ports (see pending comment in #26646) we added a reject entry for the destination causing most outbound TCP connections to the ExitPolicy and restarted tor.

ExitPolicy reject 1.2.3.4:*  <<<< added to avoid outbound connections to this target
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*

Expected: Tor should not create any connections to 1.2.3.4

Even after changing the torrc and restarting tor we see established TCP connections to 1.2.3.4, this is unexpected.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information