Commit d88e4c8

Fix bridge protocol: descriptor validation, dir proxy, flow control, CREATE2/ntor
Major changes to get the Tor bridge working with a real Tor client:

- Fix descriptor: add onion-key-crosscert (RSA crosscert), strip base64 padding for inline values, SHA-256-then-sign for Ed25519 descriptor signature, add reject *:* exit policy, use actual OR port and address
- Implement directory proxy to gabelmoo dir authority for consensus, authority key certs, and microdescriptor downloads
- Fix flow control: remove inline SENDME handler that was dropping non-SENDME cells during large transfers, use pacing instead. Fix SENDME handling to only count circuit-level SENDMEs (stream_id==0)
- Implement CREATE2/ntor handshake for circuit creation
- Add linked Ed25519/Curve25519 onion key pair for ntor-onion-key-crosscert
- Increase TLS read timeout from 30s to 300s for slow downloads
- Add BEGIN cell handler with TCP connect and bidirectional forwarding

Achieves 95% Tor client bootstrap (pending ntor auth fix).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 79565d2 commit d88e4c8

5 files changed

+1230
-48
lines changed

include/tor/crypto/keys.hpp

Lines changed: 5 additions & 0 deletions
@@ -210,6 +210,11 @@ struct RelayKeyPair {
210210
Curve25519SecretKey onion_key;
211211
Rsa1024Identity rsa_identity;
212212

213+
// Ed25519 key derived from the same seed as onion_key, used for
214+
// ntor-onion-key-crosscert in descriptors.
215+
Ed25519SecretKey onion_ed_key;
216+
uint8_t onion_ed_sign_bit = 0;
217+
213218
[[nodiscard]] static std::expected<RelayKeyPair, KeyError> generate();
214219
};
215220
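Review bot: The new onion_ed_sign_bit member in RelayKeyPair is a uint8_t defaulting to 0, with no comment saying what it encodes or which values are valid, so a RelayKeyPair that is filled in without setting it carries a 0 that cannot be told apart from a real value. Please document it next to the field (the comment above covers only onion_ed_key), restrict it to 0 or 1 (a bool, or a checked setter), and have generate() be the only place that sets both new members. The comment also states that onion_ed_key is derived from the same seed as onion_key, but nothing in the struct ties the two together: they are independent members that can drift apart if either is reassigned. Consider either stating that invariant explicitly and checking it where the ntor-onion-key-crosscert is built, or deriving the Ed25519 key from onion_key on demand instead of storing a second copy of related secret material.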
