Tighten our rules in our entitlements file for macOS
comment:40:ticket:30126 mentions two possible rules we could tighten in our entitelments file:
com.apple.security.cs.disable-library-validation=false com.apple.security.automation.apple-events=false
The former seems indeed to be a clear winner but I am not sure about the latter as we usually don't want to break the expected behavior for users installing WebExtensions (even if we don't recommend it).
We could think about more rules to be tightened while we are at it.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information