Consider using unix sockets for onion services in Tails Server
Instead of listening on 127.0.0.1 via TCP, Tor supports listening on a Unix socket. This has the potential to be faster [1], prevents potential localhost bypasses [2], and allows the use of systemd's PrivateNetwork isolation feature [2,3] (although the latter would not work with LAN connections).
[1] https://trac.torproject.org/projects/tor/ticket/11485
[2] https://riseup.net/en/security/network-security/tor/onionservices-best-practices
[3] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateNetwork=
Not all services support listening on unix sockets though.
Original created by @segfault on 12024 (Redmine)
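
A configuration sketch of the setup the ticket describes, added here as an example (it is not from the ticket or from Tails). The service name, paths, binary and its `--listen-unix` flag are hypothetical placeholders; `HiddenServicePort ... unix:` and `PrivateNetwork=` are the real Tor and systemd options.

```ini
# ---- /etc/tor/torrc (fragment) ----------------------------------------
# Assumed paths. The onion service's virtual port 80 is forwarded to a
# Unix socket, so nothing for this service listens on 127.0.0.1.
HiddenServiceDir /var/lib/tor/example_service/
HiddenServicePort 80 unix:/run/example-service/web.sock

# ---- /etc/systemd/system/example-service.service (hypothetical unit) ---
[Unit]
Description=Example backend reachable only through its onion service

[Service]
# Hypothetical binary and flag: the service itself must support binding
# to a Unix socket, which not every service does.
ExecStart=/usr/bin/example-service --listen-unix /run/example-service/web.sock
User=example-service

# systemd creates /run/example-service, owned by User=, and removes it
# when the unit stops. The tor user must be able to traverse this
# directory and must have write permission on the socket file to connect,
# so restrict access on the socket itself rather than leaving it
# world-writable.
RuntimeDirectory=example-service

# The service gets its own network namespace containing only a loopback
# device: no route out, and no access to the host's 127.0.0.1 listeners.
# A pathname socket still works because it lives in the filesystem;
# abstract-namespace Unix sockets would not cross the namespace boundary.
# As the ticket notes, this cannot be combined with serving LAN clients.
PrivateNetwork=yes

[Install]
WantedBy=multi-user.target
```

After reloading both daemons, `ss -xl` should list the socket path and `ss -tln` should show no TCP listener belonging to the service.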