Onion Circuits should connect via the Tor control port filter

One of my main motivations to remove Vidalia is to get rid of this “one X application has full control over Tor” situation, so it would be good if Tor Monitor was only allowed to get the information it needs, as opposed to being allowed to do everything such as configure a well-chosen set of M attacker-controlled bridges and de-anonymize the user (with precision = N bits, given N total bridges controlled by the attacker).

As of 20150220, Tor Monitor directly uses:

GETINFO circuit-status
GETINFO stream-status
GETINFO ip-to-country

It also uses Stem, that probably sends more control commands to Tor.

Feature Branch: feature/7870-include_onionshare

Related issues

Related to #9366 (closed)
Related to #9365
Related to #8927
Related to #6742 (closed)
Related to #11542 (closed)
Related to #11826 (closed)
Has duplicate #10058 (closed)
Blocks #11197 (closed)

Original created by @intrigeri on 9001 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information