Exempt .onion domains from mixed content warnings

Part one of getting .onions exempted for the HTTPS requirement for secure contexts was done in legacy/trac#21321 (moved). Now we want to extend that to mixed content settings as well. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1382359 for the Mozilla bug.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information