[meta] Improve Tor Browser Content Process Sandbox

This ticket is specifically for tightening the content process sandbox.

An attacker who achieves code execution inside the content process sandbox should not be able to achieve the most valuable goals (proxy bypass/persistent user identifier) inside the content process and should instead need a sandbox escape.
