This is based on ideas from Liberte Linux' tordate script,
and meant to implement
https://tails.boum.org/todo/remove_the_htp_user_firewall_exception/

This allows greatly simplifying the 50-htp.sh NM hook: no need to do fancy
tricks with /etc/hosts anymore.

Split out and re-order NM hooks:
  First, setup the firewall.
  Then restart Tor.
  Then set the time using Tor consensus, and start HTP (non-blocking) in the background.
  Eventually, restart and cleanup everything that needs to: ttdnsd, pdnsd,
  Vidalia, etc.

Doing so allows us to stop passing a tiny DNS timeout to htpdate / wget anymore:
commit e291af5d, that introduced this "-t 1" option, explains why it was added.
These reasons don't stand anymore: the IPs of the server queried by htpdate are
not in /etc/hosts nowadays.

Non-blocking htpdate has an initscript (/etc/init.d/htpdate, that should not
start on its own); its options were moved to /etc/default/htpdate.

The tails-htp-notify-user script is removed: no need for feedback as this is now
non-blocking and does not prevent actual usage. A bit more KISS does not hurt.