Audit onion-grater configuration

Let's prevent our /etc/onion-grater.d/ from bitrotting, and do periodic audits:

• look for access that’s
  • higher than needed
  • higher than what we are consciously aware of (see e.g. #20815 (closed))
    • check that there are comments and design documents clearly stating what kind of capabilities every program using the Control Port has.
• create a new, related issue, with due date 2 years from now