circuit_can_use_tap() checks the circuit purpose to make sure that it's an onion service circuit. But it should also check that the circuit is for a v2 onion service before allowing TAP. There should be a field in the circuit or extend_info that we can use for this. This is security-low, because it's a defence in depth mechanism that doesn't provide as much defence as we thought.