Make client-side SNI be between 8 and 20 characters, like the server side one

Summary

A recent question raised on the forum highlighted the issue of AV software flagging the random SNI's Tor uses in TLS connections - where the domain is a known phishing domain.

Presently the fake_hostname (SNI) created here is ephemeral and not logged anywhere. It is thus impossible for a user to verify that an AV report is a genuine false positive - i.e. tor generated a random SNI hostname that just happens to match a known phishing site.

What is the expected behavior?

Generated fake_hostnames should be logged somewhere. A user would then be able to positively verify that an AV report of the kind described was a false positive. The relevant Known Issues support page would need to be updated to describe how to do so. This could be as simple as instructing the user to refer to tor's logs.