Apparently, clients don't have to report
their IP addresses.

According to spec:
Initiators SHOULD use "this OR's address" to make sure
that they have connected to another OR at its canonical address.

According to spec:
Clients SHOULD send "0" as their timestamp,
to avoid fingerprinting.

According to spec:
```
   To authenticate the responder as having a given RSA identity only,
   the initiator MUST check the following:

     * The CERTS cell contains exactly one CertType 1 "Link" certificate.
     * The CERTS cell contains exactly one CertType 2 "ID" certificate.
     * Both certificates have validAfter and validUntil dates that
       are not expired.
     * The certified key in the Link certificate matches the
       link key that was used to negotiate the TLS connection.
     * The certified key in the ID certificate is a 1024-bit RSA key.
     * The certified key in the ID certificate was used to sign both
       certificates.
     * The link certificate is correctly signed with the key in the
       ID certificate
     * The ID certificate is correctly self-signed.

   In both cases above, checking these conditions is sufficient to
   authenticate that the initiator is talking to the Tor node with the
   expected identity, as certified in the ID certificate(s).
```

Making sure consensus data is signed by majority
of trusted authorities is probably the most important
security check in TOR which was missing from NOnion,
this commit fixes that.

This commit also fixes an issue with parsing
directory signatures, adds digest calculation
to NetworkStatus and changes networkstatus.json
to use Indented formating to help with manual
validatation.

This commit moves the auth_dirs.inc file
to EmbeddedResource so end users don't have to
carry the list around with their applications.

This commit removes janky pem reader code
in favour of Bouncycastle's PemReader.

This commit replaces Chaos.NaCl in favour of
our custom bouncycastle.