Prevent the "easy" to fix X11 related sandbox escapes.
Per "Jann Horn of Google Project Zero", X11 provides a few vectors for sandbox escape. While this is not part of the threat model in current releases, the trivial cases should be fixed.
In the mean time, the documentation has been updated to note that this isn't covered: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux?action=diff&version=22
nb: Even if the trivial cases are fixed, this still won't prevent an adversary from doing evil to or via X11.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information