Make entry guard persistent across reboot

Originally created by @segfault on #11732 (Redmine)

Tor uses entry guards [1] to make some deanonymization attacks harder. We currently don’t have this in Tails, because it would allow location tracking of Tails users by observing which guard nodes are used, which would be a severe regression and render the MAC randomization feature useless.

See [2] for thoughts on the location tracking problem and an attempt to find a compromise between protecting against location tracking and deanonymization attacks.

[1] https://www.torproject.org/docs/faq#EntryGuards
[2] https://tails.boum.org/blueprint/persistent_Tor_state/

Blueprint: https://tails.boum.org/blueprint/persistent_Tor_state/

Parent Task: #5462

Related issues

Related to #11884
Has duplicate #17487 (closed)

Edited May 15, 2020 by segfault

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information