Document Onion Services subdomain support for HTTP(S)

Currently there are a few references about the subdomain support for Onion Service sites (i.e. Onion Services using HTTP or HTTPS).

• Write a section about how to handle subdomains under the Advanced Settings page.
• Enhance best practices documentation by pointing that Operators shall protect their configuration against subdomain testing, which can reveal server location in case of a misconfiguration, like a $random_string.$onion_domain.onion being not catched by an Apache ServerAlias *.$onion_domain and being directed to a default server page which identifiable information. That should be also included in the checklist as well.