Improve documentation for stream isolation in the spec proper

Several times in the past week, I've written documents or responses that had to refer to prop171 or to the C tor manpage "IsolateSocks" section in order to explain how stream isolation works.

We should, at a bare minimum, ensure that the specification itself is sufficient to explain what kind of stream isolation a Tor implementation should provide.

We might want to revisit some of the heavy complexity in our prop171 logic too; but it's probably better IMO to do that separately, with a proposal.