Medium-High security enables HTTPS javascript despite noscript settings

1. Set the security slider to "Medium-High"
2. Using the noscript icon in the toolbar, turn on "Forbid Scripts Globally"
3. Visit https://check.torproject.org/ - note "JavaScript is enabled"

If the slider is "High" or "Medium-Low", noscript works as expected. The "Javascript for HTTPS-only" behavior on Medium-High overrides the user's noscript settings.

I think the noscript setting should work independently from the security slider. But at the very least, it's a bug to have noscript saying javascript is blocked when it's actually enabled for all HTTPS.