Migrate all our onion services to v3

Originally created by @quiet on #16409 (Redmine)

Onion services v2 will probably go away in October 2021. We have to migrate all our onion services to v3.

As of 2020-06-12, the list of Onion services v2 we're running is:

• internal services
  • ssh-hidden on every system we manage
  • xmpp-hidden on im.lizard
  • mumble-hidden on im.lizard:
• public services
  • http-hidden on www.lizard aka. deb.tails.boum.org: used in Tails itself

Note that the version of puppet-tor we're using does not support v3; upgrading it is tracked on #16953 (closed); but in the upgraded version, the high-level way to set up v3 support is broken. Worst case, we can use tor::daemon::snippet like we do for the WhisperBack v3 onion service.