bridgedb should use starttls for outgoing mails

Matt tells me that outgoing mails from bridgedb don't attempt starttls. This is especially sad because those mails include bridge addresses, which we're trying to keep secret from a network adversary who watches bridges.tp.o's network (or the recipient's network).