Allow javascript: links from HTTPS first party pages

When we consolidate the security slider options into just "High", "Medium", and "Default", we should ask Giorgio if he can give us a way to allow javascript: links when JS is enabled for HTTPS first party pages (but not http pages).

This is the main thing that I've noticed breaking on "Medium-High", which if we make the new "Medium", we should definitely fix.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information