> Does an attacker only need to control the guard and exit nodes, or the middle relay node(s) as well?
No, only controlling the guard and exit nodes is necessary.
> If the latter, can you configure Tor to use more than one middle relay node, depending on your threat model?
Tor makes dozens of circuits in a typical use. You never stick to a single circuit. In the Tor Browser you have first party stream isolation so you get a different circuit (and hence different middle and exit nodes) for each first party domain that you visit.
No, only controlling the guard and exit nodes is necessary.
> If the latter, can you configure Tor to use more than one middle relay node, depending on your threat model?
Tor makes dozens of circuits in a typical use. You never stick to a single circuit. In the Tor Browser you have first party stream isolation so you get a different circuit (and hence different middle and exit nodes) for each first party domain that you visit.