Tor before VPN

This issue is about connecting to a VPN using Tor.

In some situations, it can be useful to connect to a VPN through Tor:

1. Access services that block Tor.
2. Reach a local resource on a VPN that is not accessible in any other way.
3. Reach a VPN non-anonymously (e.g. your account is tied to you IRL) while only hiding your geo-location, which may be the only thing you need in some situations. (Maybe invalid since this is not part of the PELD spec (yet?) AFAIK.)

The easiest way to solve use case 1 (which we feel is the most important one for this Tor/VPN setup) is to use a SSH connection with the DynamicForward option. The newly created SOCKS port can be used to have a fixed outgoing IP address. We could write on how to use that in an "unsupported, advanced users only, may kill kittens" part of the documentation.

Blueprint: https://gitlab.tails.boum.org/tails/blueprints/-/wikis/VPN-support