HiddenServiceAllowUnknownPorts will be incompatible with https-by-default

In Tor we have a feature named HiddenServiceAllowUnknownPorts (from #13667 (closed), off by default) which means onion services tear down circuits when somebody tries to connect to a virtport that isn't configured to work. The goal is to slow down port scanning.

And at the browser level we have an https-by-default feature which, when you try to visit an http url, launches an https attempt in parallel and uses the https connection if it finishes quickly enough.

Currently Tor Browser doesn't do https-by-default for onion services, because the onion service ecosystem doesn't have https consistently enough. But it's just a matter of time until ACME, Let's Encrypt, etc. make https easier and more common and we'll want to enable the https-by-default for onions too.

But! If we turned it on right now in Tor Browser, the HiddenServiceAllowUnknownPorts check would cause the onion service to tear down the circuit when the optimistic request for port 443 arrives!

We should change the behavior (both in c-tor and in arti if it does it) so that when we want to roll out https-by-default for onions, we can.

Edited by Roger Dingledine
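
The interaction described in the issue, as an added example (a simplified model written for this page, not code from c-tor or arti). It assumes the browser's http and https attempts arrive on the same rendezvous circuit; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class RendCircuit:
    """Service-side view of one rendezvous circuit (simplified)."""
    is_open: bool = True
    streams: list = field(default_factory=list)  # virtports with live streams


@dataclass
class OnionService:
    virtports: set                     # ports named by HiddenServicePort lines
    allow_unknown_ports: bool = False  # HiddenServiceAllowUnknownPorts, default 0

    def handle_begin(self, circ, port):
        """Handle one stream request: 'connected', 'refused' or 'circuit-closed'."""
        if not circ.is_open:
            return "circuit-closed"
        if port in self.virtports:
            circ.streams.append(port)
            return "connected"
        if self.allow_unknown_ports:
            return "refused"           # only the offending stream fails
        # Anti-port-scan behaviour: an unknown virtport kills the whole
        # circuit, including streams that were already established on it.
        circ.is_open = False
        circ.streams.clear()
        return "circuit-closed"


def visit(service, requests):
    """Replay stream requests, in arrival order, on a single circuit.

    Assumption: the parallel http and https attempts share one circuit.
    Returns (per-request results, circuit still open?, surviving streams).
    """
    circ = RendCircuit()
    results = [service.handle_begin(circ, port) for port in requests]
    return results, circ.is_open, list(circ.streams)


if __name__ == "__main__":
    http_only = OnionService(virtports={80})
    # Constructed scenario: http stream first, optimistic https right after.
    print(visit(http_only, [80, 443]))
    # Same service with HiddenServiceAllowUnknownPorts 1.
    print(visit(OnionService({80}, allow_unknown_ports=True), [80, 443]))
```

With the default setting the optimistic port 443 request takes the working port 80 stream down with it, whichever of the two arrives first.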