Figure out how to sandbox meek in a sensible way.

Right now sandboxed-tor-browser does not support meek at all. This is suboptimal since it is popular.

There's two ways forward from my perspective:

The correct fix would be to add code to spin up another sandbox container (since I do not think that even a neutered firefox process should live in the tor sandbox), for the meek helper firefox instance.
The quick and dirty way would be to use meek_lite since obfs4proxy is allowed, and shipped versions contain the code. The downside is that it is even more distinct than meek usually is.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information