When building anonymizing circuits to or from an onion
service with 'lite' vanguards (the default) enabled, the
circuit manager code would build the circuits with one
hop too few.
When 'full' vanguards are enabled, some circuits are
supposed to be built with an extra hop to minimize the
linkability of the guard nodes. In some circumstances,
the circuit manager would build circuits with one hop
too few, making it easier for an adversary to discover
the L2 and L3 guards of the affected clients and
services.