Taint untrusted link authentication keys
We should taint untrusted link auth keys, and then downgrade connections using tainted keys to protocol warnings.
Link auth keys from the following sources are trusted:
- hard-coded authorities
- the consensus signed by hard-coded authorities
Link auth keys from the following sources are untrusted:
- hardcoded fallback dirs, because relay keys change over time
- our state file (if not confirmed in the consensus), because relay keys change over time
- onion service descriptors, because they come from untrusted services
- onion service introduce cells, because they come from untrusted clients
Split off #26924 (moved).