Audit Instantbird's security
We need a thorough security audit of Instantbird which checks for things like:
- render attack surface (content window, XSS filter, etc.)
- crypto in NSS and how JS uses it (if we use it?)
- interface between the UI and OTR
- Proxy by-pass issues