Consider running onion-grater as unprivileged user
Right now, we're running onion-grater as root. Is it even needed?
I believe that the only special privilege that we need for onion-grater is being able to connect to tor control port, which could easily be given to a less-privileged process.
But of course, if onion-grater is compromised anyway, the attacker can trivially deanonymize the user anyway, which is our biggest concern.
This is a result from #19248+