New certificate storage does not obey `security.nocertdb`
As mentioned in #33534 (comment 2683533) there is a new certificate storage mechanism
where data is stored under profiledir/security_state/ which is not
disabled by Tor Browser setting security.nocertdb = true.
Thanks to a cypherpunk for the reminder to file the ticket.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information