Properly refcount client_identity_key

In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.

src/common/crypto.c

@@ -326,6 +326,7 @@ crypto_free_pk_env(crypto_pk_env_t *env)
 
   if (--env->refs > 0)
     return;
+  tor_assert(env->refs == 0);
 
   if (env->key)
     RSA_free(env->key);

src/or/router.c

@@ -559,7 +559,7 @@ init_keys(void)
    * otherwise, set the server identity key as our client identity
    * key. */
   if (public_server_mode(options)) {
-    set_client_identity_key(prkey); /* set above */
+    set_client_identity_key(crypto_pk_dup_key(prkey)); /* set above */
   } else {
     if (!(prkey = crypto_new_pk_env()))
       return -1;