Make Intermediate Cert Store Memory-Only for TorBrowser
User stored certs as well as the intermediate certificate store should be memory-only by default in TorBrowser. This should be easy for user certs. No so sure about intermediate ones. Need to review the relevant code first.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information