SecureDrop servers are currently tracking the 0.3.5.x series of Tor. One thing we learned from #tor-dev and this ticket I filed https://trac.torproject.org/projects/tor/ticket/31215 - tor doesn't actually maintain the LTS packages on their apt repo and may pull them down, hence why our tor debs CI target is failing (#4626). We also don't want to use their nightlies since we should probably be doing way more careful QA than we are currently doing (current QA is basically "does the onion service start").
From talking on IRC, most people are using the 0.4.x series. From nickm on IRC: "each [0.4.x] series is supported for 9 months after first stable release, or for 3 months after the next series becomes stable -- whichever is longer" (link to core tor release schedule). They also will maintain packages in the latest stable release series (i.e. 0.4.x but not necessarily the 0.3.5 LTS). Since we're releasing every 6-8 weeks, we should transition instances to latest tor 0.4.x series and then as we were doing previously (to make sure we update after a security vulnerability) monitor for updates and bump to latest before every regular release. This means we get any latest features/fixes, and we can continue to pull packages from deb.torproject.org.