
Circuit Path Restriction Application Revamp

Path restrictions can leak information when enforced in various cases. Here are some examples:

Basically, the major issues are:

  1. We don't want path restrictions to cause us to not use certain exits, because this is visible to websites (especially over time, if the user is logged in).
  2. We don't want path restrictions to force us to use more guards, just to use certain exits or vanguards, since this is obvious to the ISP.
  3. We don't want path restrictions to avoid certain vanguards, since this reveals the guard node (guard discovery).
  4. We don't want path restrictions with bridges to prevent us from building circuits.

@nickm suggested that we only enforce restrictions for middle nodes. I think this makes sense, so long as we don't consider vanguards to be middle nodes.
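To make issue 1 and the middle-only proposal concrete, here is an added toy model (not tor's path-selection code): a constructed relay table, a simplified "no shared /16 or family" restriction, and a comparison of enforcing it against the exit versus only when picking the middle. Relay names, addresses and families are made up for the example.

```python
from itertools import product

# Constructed relay table (assumption, not the real consensus):
# name -> (/16 prefix, family, role)
RELAYS = {
    "g1": ("10.1", "A", "Guard"),
    "g2": ("10.2", "B", "Guard"),
    "m1": ("10.3", "C", "Middle"),
    "m2": ("10.1", "C", "Middle"),  # same /16 as g1
    "e1": ("10.4", "B", "Exit"),    # same family as g2
    "e2": ("10.5", "D", "Exit"),
}

def conflict(a, b):
    """Restriction rule: two relays may not share a /16 or a family."""
    return RELAYS[a][0] == RELAYS[b][0] or RELAYS[a][1] == RELAYS[b][1]

def circuits(guard, enforce_at):
    """All guard->middle->exit circuits the policy allows.
    enforce_at is a set of positions whose restrictions are checked:
    'middle' checks middle vs guard and middle vs exit,
    'exit' additionally checks exit vs guard (the leaky variant)."""
    middles = [r for r, v in RELAYS.items() if v[2] == "Middle"]
    exits = [r for r, v in RELAYS.items() if v[2] == "Exit"]
    allowed = []
    for m, e in product(middles, exits):
        if "middle" in enforce_at and (conflict(guard, m) or conflict(m, e)):
            continue
        if "exit" in enforce_at and conflict(guard, e):
            continue
        allowed.append((guard, m, e))
    return allowed

def exit_profile(guard, enforce_at):
    """Exits a website could ever see this client use, given its guard."""
    return frozenset(e for _, _, e in circuits(guard, enforce_at))

def leaks_guard(enforce_at):
    """True if the observable exit set differs between guards, i.e. a
    website could narrow down the client's guard from exits alone."""
    guards = [r for r, v in RELAYS.items() if v[2] == "Guard"]
    profiles = {exit_profile(g, enforce_at) for g in guards}
    return len(profiles) > 1

if __name__ == "__main__":
    for policy in ({"middle", "exit"}, {"middle"}):
        print(sorted(policy), "leaks guard:", leaks_guard(policy))
```

With the restriction applied at the exit, a client on g2 never uses e1, so a site watching exits over time can distinguish it from a client on g1; applying it only when choosing the middle gives both guards the same exit set.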

Some other notes to consider here:

  • For several reasons, we want to stop assigning both the Guard+Exit flag to the same relays
  • If we fix the Guard flag assignment such that it is exactly as much as we need per the balancing equations, we can prevent Guards from being used as middles as well (which solves the Vanguards problem, since those are Stable)

I'm sure there are more corner cases and things to consider. Feel free to comment here.

Cc: @nickm @dgoulet @gabi-250

Edited by David Goulet