clients that never restart never drop old guards
When we get a consensus we check whether to drop guards that have been down long enough.
But we only compare chosen_on_date to now when we're loading the state file, which we only do at start.
So if the Tor client stays running for more than a month or two, its guard behavior deviates from normal.
Discovered while talking to Tariq about his guard simulation attack graphs and trying to puzzle through his unintuitive results.