If we generate DH groups, do so asynchronously
One of the main reasons to disable dynamic dh groups by default (legacy/trac#5598 (moved)) was that they take a long time to generate, and that doing so stalls the Tor startup (legacy/trac#4721 (moved)) and makes controllers and user applications unable to use Tor.
This will become a more serious problem if we make our DH groups change when our IP changes in order to prevent bridge tracking (legacy/trac#6087 (moved)), since instead of stalling at startup, we'll stall every time we change IP.
And if we ever use longer DH keys (legacy/trac#6088 (moved)), blocking will become untenable here: generating a 2048-bit DH group took 140 seconds when I tried it just now on my fastest desktop, and my netbook has been trying to generate one for 30 minutes now with no results yet.
So what we need to do, if DynamicDHGroups is on, is to only generate DH groups in a background thread, and not enable any TLS listeners until they're generated.